在实例上设置 aws opsworks 时出现凭证错误
Posted
技术标签:
【中文标题】在实例上设置 aws opsworks 时出现凭证错误【英文标题】:Credentials errors setting up aws opsworks on instance 【发布时间】:2020-10-21 09:42:35 【问题描述】:我正在尝试在 Ubuntu EC2 实例上设置 opsworks 以监控日志。我正在向 Opsworks 注册我的实例。我得到的注册命令是(插入 x 以保护信息)
aws opsworks register --use-instance-profile --infrastructure-class ec2 --region xx-west-xx --stack-id xxxxxxx-fe9c-xxxxx-99f8-xxxxxxx --local
但是,当我运行此命令时,安装失败并出现错误
/opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:100:in `require_credentials': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)
这表明我没有设置我的 aws 凭据,但我在 ~/.aws/credentials 中设置了我的 ACCESS_KEY_ID 和 SECRET_ACCESS_KEY,我也尝试将这两个变量导出为环境变量,但我仍然收到相同的错误。知道为什么会发生这种情况吗?
这是完整的输出
[Wed, 01 Jul 2020 01:33:32 +0000] installer-wrapper: Using opsworks-instance-assets-us-west-2.s3.amazonaws.com for assets.
[Wed, 01 Jul 2020 01:33:32 +0000] installer-wrapper: Skipping installation of opsworks-agent-ruby because it's already installed
[Wed, 01 Jul 2020 01:33:32 +0000] installer-wrapper: Cleaning up
[Wed, 01 Jul 2020 01:33:32 +0000] opsworks-init: Starting the installer
/opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:100:in `require_credentials': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:90:in `sign_authenticated_requests'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:83:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/retry_errors.rb:87:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/json/handler.rb:11:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/user_agent.rb:12:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/plugins/endpoint.rb:41:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/param_validator.rb:21:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/plugins/raise_response_errors.rb:14:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/plugins/response_target.rb:21:in `call'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/request.rb:70:in `send_request'
from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:136:in `register_instance'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:55:in `merge_agent_config'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:14:in `block in generate_agent_config'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:13:in `open'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:13:in `generate_agent_config'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/instance_agent_registration_installer.rb:29:in `block in run'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/log.rb:96:in `measure'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/instance_agent_registration_installer.rb:29:in `run'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/instance_agent_registration_installer.rb:11:in `run'
from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/bin/opsworks-agent-registration-installer.rb:8:in `<main>'
[Wed, 01 Jul 2020 01:35:18 +0000] opsworks-init: Agent installation failed.
[Wed, 01 Jul 2020 01:35:18 +0000] opsworks-init: Please verify the log files found under /var/log/aws/opsworks and submit findings to AWS Support.
【问题讨论】:
通常您会将所需的权限放在实例角色中。你试过吗? 我没有,是在我的实例上还是在 aws 中? 是的,您将角色附加到实例。有关此here 的更多详细信息。 【参考方案1】:您可以查看此错误
/opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:100:in `require_credentials': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)
这表明我没有设置我的 aws 凭据,但我有 我的
ACCESS_KEY_ID和SECRET_ACCESS_KEY都设置在 ~/.aws/credentials 中, 我也尝试将这两个变量导出为环境 变量,但我仍然收到相同的错误。知道为什么这可以 正在发生吗?
首先,在 AWS 中工作时不应该使用ACCESS_KEY_ID,最好使用EC2 instance role。
第二件事,这意味着上面的key没有向AWS opswork stack注册实例的权限。
您需要添加所需的权限才能在 ops 工作堆栈中添加实例。您可以使用以下权限使其工作。
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": [
"opsworks:RegisterInstance",
"opsworks:DeregisterInstance",
"opsworks:DescribeInstances"
],
"Resource": [
"*"
]
]
registered-instance-with-opswork
【讨论】:
不,您需要在实例 IAM 角色中添加此内容,您可以在此处阅读更多内容以创建角色并分配权限 docs.aws.amazon.com/AWSEC2/latest/UserGuide/… 或者您可以分配您为其创建密钥的角色,但我不会推荐这个方法 只需要添加“opsworks:RegisterInstance”,效果很好,感谢您的帮助 完美,我已相应更新,dregister 将来会有所帮助以上是关于在实例上设置 aws opsworks 时出现凭证错误的主要内容,如果未能解决你的问题,请参考以下文章
Terraform:导入 aws 资源时出现凭证错误 - 调用 sts 时出错:GetCallerIdentity:ExpiredToken
是否可以使用 AWS CLI 等到实例“在线”并完成 opsworks 的设置/配置步骤?