[英]AWS Cloudwatch logs with Docker Container - NoCredentialProviders: no valid providers in chain
My docker-compose file: 我的docker-compose文件:
version: '2'
services:
scraper:
build: ./Scraper/
logging:
driver: "awslogs"
options:
awslogs-region: "eu-west-1"
awslogs-group: "doctors-logs"
awslogs-stream: "scrapers-stream"
volumes:
- ./Scraper/spiders:/spiders
I have added my AWS credentials to my mac using the aws configure command and the credentials are stored correctly in ~/.aws/credentials 我已使用aws configure命令将AWS凭证添加到我的mac,并且凭证已正确存储在〜/ .aws / credentials中
When I run docker-compose up I get the following error: 当我运行docker-compose up时,出现以下错误:
ERROR: for scraper Cannot start service scraper: Failed to initialize logging driver: NoCredentialProviders: no valid providers in chain.
错误:对于刮板无法启动服务刮板:无法初始化日志记录驱动程序:NoCredentialProviders:链中没有有效的提供程序。
Deprecated.
不推荐使用。 For verbose messaging see aws.Config.CredentialsChainVerboseErrors
有关详细消息传递,请参见aws.Config.CredentialsChainVerboseErrors
ERROR: Encountered errors while bringing up the project.
错误:启动项目时遇到错误。
I believe this is because I need to set the AWS credentials in the Docker Daemon but I cannot work out how this is done on macOs Sierra. 我相信这是因为我需要在Docker Daemon中设置AWS凭证,但是我无法确定在macOs Sierra上如何完成此操作。
I figured out. 我想通了。 When rolling your own EC2 instance (without using automated solutions like Beanstalk), you need to assign a role to your EC2 instance so it will be able to communicate with other AWS services.
滚动自己的EC2实例时(不使用Beanstalk这样的自动化解决方案),您需要为EC2实例分配一个角色,以便它能够与其他AWS服务进行通信。
The policy is the one that Docker docs provide in https://docs.docker.com/engine/admin/logging/awslogs/ 该策略是Docker文档在https://docs.docker.com/engine/admin/logging/awslogs/中提供的策略
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
then you need to attach this policy to a role 那么您需要将此政策附加到角色上
the role is the first one called "Amazon EC2" that reads "Allows EC2 instances to call AWS services on your behalf." 该角色是第一个名为“ Amazon EC2”的角色,其显示为“允许EC2实例代表您调用AWS服务”。
Since you are limiting your access only to CloudWatch, you're good to go. 由于您仅限制对CloudWatch的访问,因此一切顺利。 Then, in your EC2 listing, attach the role to your instance using "Attach/Replace IAM Role":
然后,在您的EC2列表中,使用“附加/替换IAM角色”将该角色附加到您的实例:
You should be good to go! 你应该很好走!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.