How to fix “Something went wrong. Please reboot your vehicle” in the AWS Deepracer Web Console

If you are seeing an error like this while trying to connect to your car’s console you need to perform the following actions:

  1. Connect your AWS DeepRacer vehicle to a monitor. You’ll need an HDMI-to-HDMI, HDMI-to-DVI, or similar cable. Insert a compatable end of the cable into the HDMI port on the vehicle’s chassis and plug the other end into a supported display port on the monitor.
  2. Connect a USB keyboard and mouse. There are three AWS DeepRacer compute module USB ports in the front of the vehicle, on either side of, and including the port the camera is plugged into. A fourth USB port is found at the back of the vehicle. From above, the USB port is located in the space between the compute battery and the LED tail light.
  3. Turn on your DeepRacer and wait until the Login screen appears. Once it appears, login using username and password “deepracer”.
  4. Open a terminal and run:
sudo apt-get update
sudo apt remove aws-deepracer-core
sudo apt-get upgrade # I believe this step might not be necessary but it's what I have done while troubleshooting my car
sudo apt install aws-deepracer-core aws-deepracer-intel-dldt aws-deepracer-pyudev aws-deepracer-sample-models aws-deepracer-util aws-deepracer-webserver
sudo reboot

Once your Car booted you should be able to use the Web Console again.

Cross Account IAM Role for ECS deployments

In my setup I have 2 accounts:

Account A runs CodeCommit + CodePipeline

Account B has an ECS cluster

Most of the steps I did are described in the Create a Pipeline in CodePipeline That Uses Resources guide from AWS.

However, my setup is to deploy to ECS using CodePipeline without using CodeDeploy. So I had to create a CrossAccount role with the following policies.

Policy to access KMS key in account A

{
     "Version": "2012-10-17",
     "Statement": [
         {
             "Sid": "Allow access to KMS key on Account A",
             "Action": [
                 "kms:Decrypt",
                 "kms:DescribeKey",
                 "kms:Encrypt",
                 "kms:GenerateDataKey",
                 "kms:ReEncrypt"             
             ],             
           "Effect": "Allow",             
           "Resource": "KEYARN"
         }
     ]
 } 

Policy to allow access to S3 bucket in account A:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow access to S3 bucket in Account A",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::your-bucket-name",
                "arn:aws:s3:::your-bucket-name/*"
            ]
        }
    ]
}

Policy to allow access to ECS in account B

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow access to ECS",
            "Effect": "Allow",
            "Action": "ecs:*",
            "Resource": [
                "*"
            ]
        }
    ]
}

Policy to pass the role to ECS:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "iam:PassRole"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEqualsIfExists": {
                    "iam:PassedToService": [
                        "ecs-tasks.amazonaws.com"
                    ]
                }
            }
        }
    ]
}

Without these policies I was getting a lot of different errors in CodePipeline like “The provided role does not have sufficient permissions to access ECS” or “The provided role does not have sufficient permissions (to access certain bucket)..