CloudWatch agent doesn’t recognize presence of IAM Role


I’m trying to use the CloudWatch logs agent on a RedHat instance with an IAM role attached. The role has full access to CloudWatch. I installed and setup the agent using the instructions here:

Even though the IAM role is definitely attached to the instance, I keep seeing this message in /var/log/awslogs.log:

NoCredentialsError: Unable to locate credentials

When I run aws configure list, I can see the details for the IAM role.

Here is the contents of /var/awslogs/etc/aws.conf.

So why can’t the CloudWatch logs agent find and use the IAM role?


So after much banging my head against the wall, I finally figured out what my problem was. I’m using a proxy to enable the CloudWatch agent to communicate with CloudWatch, and I forgot to add NO_PROXY= to /var/awslogs/etc/proxy.conf. So when the agent attempted to query the metadata for information about the IAM role, it tried to go through the proxy to get it. Once I added the NO_PROXY in, it worked fine.

Leave a Reply