Elastic Bamboo - The supplied AWS account credentials are either not valid or cannot be used to access EC2 services

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptom

The following error appears in Bamboo UI upon selecting Save changes when Configuring Elastic Bamboo.

1 The supplied AWS account credentials are either not valid or cannot be used to access EC2 services. The error message was: AWS was not able to validate the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure;

Causes

There are three likely causes of this issue:

  1. AWS Access Key and Private Key are incorrect.

  2. AWS user is not part of a group or role with enough privileges. Login to AWS and select, Identity & Access Management > Users > ${user} > Permissions to verify.

  3. Time on Bamboo's host sever requires synchronization.

    3.1 As a side effect, this has been found to break the application links between Atlassian applications. Setting the time correctly fixes all issues with links.

Resolution

Bamboo supports only the AWS access key and AWS secret access key for its Elastic Agent configuration. AWS access token is currently not supported and its implementation is being tracked by this Feature Request BAM-22410 - Add AWS_SESSION_TOKEN as part of the Elastic Agent credentials in Bamboo

  1. AWS Access Key and Private Key are incorrect

    1. Login to Amazon Web Services EC2

    2. Select, Identity & Access Management > Users > {your created user} > Security Credentials > Create Access Key

      Once the new keys are created, input them into the Elastic Bamboo Configuration. 

  2. AWS user does not have enough permissions to manage EC2 instances

    1. Login to Amazon Web Services EC2

    2. Select, Identity & Access Management > Groups > Create New Group

    3. Create a group name (e.g. elastic-bamboo)

    4. Add the required permissions to that group as documented on this page: AWS Permissions for Elastic Bamboo

      Once a new group is created, add a user to the group in AWS, and Save changes in Elastic Bamboo Configuration.

  3. Time on Bamboo's host server needs to be updated

    1. Unix/Linux - Update time using NTP

      1 2 3 $ service ntp stop $ ntpd -gq $ service ntp start

    2. Windows - Update using net time and W32tm

      1 2 $ net time \\timesrv /set /yes $ w32tm /config /update
Updated on April 8, 2025
Platform
Data Center only
Product
Bamboo Data Center
On this pageSymptomCausesResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community