Hi folks, today I’m facing a strange issue. I’m using

AWSSecretsManager

in a flow which runs on Prefect Fargate Agent. The flow works fine if the flow runs with

launch_type="FARGATE"

If the flow runs with

launch_type="EC2"

then I get the following error:

botocore.exceptions.NoRegionError: You must specify a region.

It seems that the flow cannot pick the region from the provided task/execution role… Any suggestions?

I have no definitive answer to this, but from what I understand, the SecretID is the same across both LaunchType. Since one of the two doesn’t work, I assume the SecretID is not using the ARN-type (Which would contains the Region code). This would led me to think that somehow the Region in FarGate is given as an ENV Var, and that it is not the case in EC2. (ENV var that Boto3 would recover at runtime) Hope this help you figuring out your problem!

Hi @Raphaël Riel! The secret ID is passed in using the ARN-type

Oh, so the problem lies in booting an Agent on AWS, and not retrieving the secret!

Yep, I can confirm

Are the EC2's underlying VPC/Networks allowing outbound connections to the internet? If your EC2-based container can’t communicate back to the PRefect’s server or cloud, it wont be able to pick up flows.

Other flows are running fine so it seems not to be a problem related to networking…

Ok. Unfortunately I’m out of ideas 😛 I wish you good luck with that!

It's the Fargate Agent, I don't think it's intended to run on EC2 at all

@josh said that the Fargate Agent should be able to run flows on both Fargate and EC2 https://prefect-community.slack.com/archives/C014Z8DPDSR/p1602767211198500?thread_ts=1602751641.197400&cid=C014Z8DPDSR

Is this the task to start the flow or the flow run itself? ¯\_(ツ)_/¯