Details
Bug
Resolution: Fixed
High
None
5.7-OD-06-009
None
None
Description
From version 1.6.14.0 of the Amazon EC2 CLI tools onwards, the private key (-K, --private-key) and X.509 certificate (-C, --cert) options are not supported. This means that custom Bamboo EC2 instances will shut down within minutes of starting up if they use those options.
You may see the following stack trace on your EC2 instance before it is shut down:
==> setupEbsSnapshot.log <==
Unexpected error: org.codehaus.xfire.fault.XFireFault: General security error; nested exception is: java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
    at org.codehaus.xfire.fault.XFireFault.createFault(XFireFault.java:89)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:83)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
    at org.codehaus.xfire.client.Client.invoke(Client.java:336)
    at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
    at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
    at com.sun.proxy.$Proxy12.createVolume(Unknown Source)
    at com.amazon.aes.webservices.client.Jec2Impl.createVolume(Jec2Impl.java:2732)
    at com.amazon.aes.webservices.client.cmd.CreateVolume.invokeOnline(CreateVolume.java:88)
    at com.amazon.aes.webservices.client.cmd.BaseCmd.invoke(BaseCmd.java:1071)
    at com.amazon.aes.webservices.client.cmd.CreateVolume.main(CreateVolume.java:98)
Caused by: org.apache.ws.security.WSSecurityException: General security error; nested exception is: java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
    at com.amazon.aes.webservices.client.CryptoProxy.getCertificates(CryptoProxy.java:76)
    at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:291)
    at com.amazon.aes.webservices.client.Jec2Impl.signRequest(Jec2Impl.java:301)
    at com.amazon.aes.webservices.client.Jec2Impl.access$000(Jec2Impl.java:97)
    at com.amazon.aes.webservices.client.Jec2Impl$1.invoke(Jec2Impl.java:204)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
    ... 9 more
Caused by: java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
    at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1703)
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:301)
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
    at com.amazon.aes.webservices.client.CryptoProxy.getCertByName(CryptoProxy.java:116)
    at com.amazon.aes.webservices.client.CryptoProxy.getCertificates(CryptoProxy.java:74)
    ... 15 more
ec2-create-volume failed (exit code 0). Output:
To work around this problem you'll need to use your access key ID (-O, --aws-access-key) and secret access key (-W, --aws-secret-key) in scripts and environment variables instead.
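The following check is an added example, not part of the original issue report: it lists the lines of an instance startup script that still rely on the unsupported X.509 options. The sample script, its file paths and resource IDs are constructed, the function names are hypothetical, and EC2_PRIVATE_KEY and EC2_CERT are the EC2 CLI tools' environment variables for the -K and -C values.

```shell
#!/bin/sh
# Added example (not from the original issue): find EC2 CLI usage that still
# depends on X.509 credentials, which the tools reject from 1.6.14.0 onwards.

# Print "LINE:TEXT" for each non-comment line of file $1 that either
#   - runs an ec2-* command with -K/--private-key or -C/--cert, or
#   - references the EC2_PRIVATE_KEY / EC2_CERT environment variables.
# Exit status is non-zero when nothing is found.
find_legacy_ec2_auth() {
  grep -nE \
    -e '(^|[^[:alnum:]_-])ec2-[a-z-]+[[:space:]](.*[[:space:]])?(-K|--private-key|-C|--cert)([[:space:]=]|$)' \
    -e '(^|[^[:alnum:]_])EC2_(PRIVATE_KEY|CERT)([^[:alnum:]_]|$)' \
    "$1" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Constructed sample input: a hypothetical startup script mixing old and new
# credential options (IDs and paths are placeholders).
write_sample_script() {
  cat > "$1" <<'EOF'
#!/bin/sh
# old: ec2-describe-volumes -K pk.pem -C cert.pem
export EC2_PRIVATE_KEY=/root/pk.pem
export EC2_CERT=/root/cert.pem
ec2-create-volume --snapshot snap-EXAMPLE -z us-east-1a -K "$EC2_PRIVATE_KEY" -C "$EC2_CERT"
ec2-attach-volume vol-EXAMPLE -i i-EXAMPLE -d /dev/sdh -O "$AWS_ACCESS_KEY" -W "$AWS_SECRET_KEY"
tar -C /mnt -xf bundle.tar
EOF
}

# Demo run: reports lines 3, 4 and 5 of the sample; the comment on line 2,
# the -O/-W call and the unrelated "tar -C" are not reported.
sample=$(mktemp)
write_sample_script "$sample"
find_legacy_ec2_auth "$sample"
rm -f "$sample"
```

AWS_ACCESS_KEY and AWS_SECRET_KEY are the environment variables the tools read for the -O and -W values; setting them instead of passing -W keeps the secret key out of the command line.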