Jon
CCoder.com
•Created by Jon on 2/18/2025 in #help
Able to upload layers but not able to use them in build
Hi,
I am seeing this in the logs:
#3: Checking for cached layer asdf.dkr.ecr.us-east-1.amazonaws.com/coder:14738e092c2ef6eeaea12a627349d9b2e2a1e79c99525e370b423b40ec2fc97a...
#3: Could not fetch credentials for cache prefix, disabling cache
#3: Retrieving credentials
#3: Calling ECR.GetAuthorizationToken
#3: Failed to retrieve layer: GET https://asd.dkr.ecr.us-east-1.amazonaws.com/v2/coder/manifests/14738e092c2ef6eeaea12a627349d9b2e2a1e79c99525e370b423b40ec2fc97a: unexpected status code 401 Unauthorized: Not Authorized
it appears that the layer already exists in ECR.
My envbuilder looks like this:
envbuilder_env = {
"AWS_SDK_LOAD_CONFIG" : "true", # Ensures AWS SDK picks up IAM role credentials
"CODER_AGENT_TOKEN" : coder_agent.main.token,
"CODER_AGENT_URL" : replace(data.coder_workspace.me.access_url, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal"),
"ENVBUILDER_INIT_SCRIPT" : replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal"),
"ENVBUILDER_FALLBACK_IMAGE" : data.coder_parameter.fallback_image.value,
"ENVBUILDER_PUSH_IMAGE" : "true",
"ENVBUILDER_PUSH_IMAGE": 1,
"ENVBUILDER_GIT_USERNAME" : "${data.coder_external_auth.github.access_token}",
"ENVBUILDER_VERBOSE" : "true",
}
and my ECR role looks like this:
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:CompleteLayerUpload",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
"ecr:DescribeImages",
"ecr:DescribeRepositories"
Is there anything I'm missing here?
Thanks!2 replies