[英]Error registering: NoCredentialProviders: no valid providers in chain ECS agent error
Im trying to use EC2 Container service.我正在尝试使用 EC2 容器服务。 Im using terraform for creating it.
我使用 terraform 来创建它。 I have defined a ecs cluster, autoscaling group, launch configuration.
我已经定义了一个 ecs 集群、自动缩放组、启动配置。 All seems to work.
一切似乎都有效。 Except one thing.
除了一件事。 The ec2 instances are creating, but they are not register in the cluster, cluster just says no instances available.
ec2 实例正在创建,但它们没有在集群中注册,集群只是说没有可用实例。
In ecs agent log on created instance i found logs flooded with one error:在创建实例的 ecs 代理日志中,我发现日志充满了一个错误:
Error registering: NoCredentialProviders: no valid providers in chain
注册错误:NoCredentialProviders:链中没有有效的提供者
The ec2 instances are created with a proper role ecs_role. ec2 实例是使用适当的角色 ecs_role 创建的。 This role has two policies, one of them is following, like docs required:
这个角色有两个策略,其中之一如下,比如需要的文档:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecs:Submit*",
"ecs:StartTask"
],
"Resource": "*"
}
]
}
Im using ami ami-6ff4bd05 .我正在使用 ami ami-6ff4bd05 。 Latest terraform.
最新terraform。
It was a problem with trust relationships in the role as the role should include ec2.角色中的信任关系存在问题,因为角色应该包括 ec2。 Unfortunately the error message was not all that helpful.
不幸的是,错误消息并不是那么有用。
Example of trust relationship:信任关系示例:
{
"Version": "2008-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"]
},
"Effect": "Allow"
}
]
}
您可能希望将 AmazonEC2RoleforSSM(或 AmazonSSMFullAccess)添加到您的 EC2 角色。
显然,当传递无效的 aws-profile 时,也会出现此错误消息。
I spent 2 days trying out everything without any luck.我花了 2 天的时间尝试了一切,但没有任何运气。 I have a standard setup ie ecs cluster instance in private subnet, ELB in public subnet, NAT and IGW properly set up in respective security groups, IAM role properly defined, standard config in NACL, etc. Despite everything the ec2 instances wouldnt register with the ecs cluster.
我有一个标准设置,即私有子网中的 ecs 集群实例、公共子网中的 ELB、相应安全组中正确设置的 NAT 和 IGW、正确定义的 IAM 角色、NACL 中的标准配置等。尽管如此,ec2 实例不会注册到ecs 集群。 Finally I figured out that my custom VPC's DHCP Options Set was configured for 'domain-name-servers: xx.xx.xx.xx, xx.xx.xx.xx' IP address of my org's internal DNS IPs...
最后我发现我的自定义 VPC 的 DHCP 选项集是为我的组织内部 DNS IP 的“域名服务器:xx.xx.xx.xx, xx.xx.xx.xx”IP 地址配置的...
The solution is to have following values for the DHCP Options Set: Domain Name: us-west-2.compute.internal (assuming your vpc is in us-west-2), Options: domain-name: us-west-2.compute.internal domain-name-servers: AmazonProvidedDNS解决方案是为 DHCP 选项集设置以下值:域名: us-west-2.compute.internal (假设您的 vpc 在 us-west-2 中),选项:域名: us-west-2。 compute.internal域名服务器: AmazonProvidedDNS
如果您使用 taskDefinition ,请检查您是否设置了执行和 taskRole ARN 并为该角色设置了正确的策略。
I got this error today and figured out the problem: I missed setting the IAM role
in launch template (it is under Advanced
section).我今天收到此错误并找出问题所在:我错过了在启动模板中设置
IAM role
(它在“ Advanced
”部分下)。 You need to set it to ecsInstanceRole
(this is the default name AWS gives - so check if you have changed it and use accordingly).您需要将其设置为
ecsInstanceRole
(这是 AWS 提供的默认名称 - 因此请检查您是否更改了它并相应地使用)。
I had switched from Launch Configuration to Launch Template, and while setting up the Launch Template, I missed adding the role!我已经从启动配置切换到启动模板,在设置启动模板时,我错过了添加角色!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.