堆栈内存溢出
  简体   繁体   English

在EC2实例上使用IAM角色“无基本身份验证凭据”

[英]“No basic auth credentials” using IAM role on EC2 instance

 原文  2017-08-29 21:48:43       amazon-web-services/ docker/ amazon-ec2/ amazon-cloudformation

问题描述

My EC2 instance can't authenticate using an IAM role. 我的EC2实例无法使用IAM角色进行身份验证。 The instance shows the correct role in the AWS console: IAM role: Docker-WorkerRole-DPET4SO6HV87 . 该实例在AWS控制台中显示了正确的角色: IAM role: Docker-WorkerRole-DPET4SO6HV87 Clicking that opens up the Role console, where I can see the correct policy listed: 'ecr-pull-image' . 单击以打开“角色”控制台,在其中可以看到列出的正确策略: 'ecr-pull-image' A click on that shows the following permissions: 单击显示以下权限: 

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

The Trusted Entities tab shows: 可信实体选项卡显示: 

The identity provider(s) autoscaling.amazonaws.com
The identity provider(s) ec2.amazonaws.com

It works in the simulator. 它可以在模拟器中工作。

But when I when hop on that instance and try to pull an image I get no basic auth credentials : 但是当我跳到那个实例并尝试提取图像时,我没有基本的身份验证凭据 

$ docker pull 4----------7.dkr.ecr.us-west-2.amazonaws.com/gc01_data:1.0.0
Error response from daemon: Get https://4----------7.dkr.ecr.us-west-2.amazonaws.com/v2/gc01_data/manifests/1.0.0: no basic auth credentials

Or, after attempting docker stack deploy , my docker.log shows the same: 或者,在尝试docker stack deploy之后 ,我的docker.log显示相同: 

Aug 29 21:05:15 moby root: time="2017-08-29T21:05:15.434428743Z" level=debug msg="Trying to pull 4----------7.dkr.ecr.us-west-2.amazonaws.com/gc01_data from https://4----------7.dkr.ecr.us-west-2.amazonaws.com v2"  
Aug 29 21:05:15 moby root: time="2017-08-29T21:05:15.449145816Z" level=info msg="Attempting next endpoint for pull after error: Get https://4----------7.dkr.ecr.us-west-2.amazonaws.com/v2/gc01_data/manifests/1.0.0: no basic auth credentials"

Can't see what's missing. 看不到缺少的东西。 Thanks. 谢谢。

1 个解决方案

解决方案1
 0  2017-08-31 15:57:47

Ok, I should have said this was a Docker-4-AWS Swarm instance, so this is a known issue: https://github.com/docker/for-aws/issues/5 . 好的,我应该说这是一个Docker-4-AWS Swarm实例,所以这是一个已知问题: https : //github.com/docker/for-aws/issues/5

As a stopgap I'm using @blaketastic's way of using the swarm's guide-aws : 作为权宜之计,我正在使用@blaketastic的使用swarm的aws-aws的方式 

docker exec -it guide-aws sh -c 'aws ecr get-login --region us-east-1 --no-include-email'

This is a way to access ecr without using/storing AWS credentials on the instance. 这是一种无需在实例上使用/存储AWS凭证即可访问ecr的方法。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 IAM 角色而不是凭证从使用 terraform 的 EC2 实例创建 aws 资源 - Use IAM role instead of credentials to create aws resource from an EC2 instance using terraform 如何使用与EC2实例关联的IAM角色从Amazon检索临时AWS凭证(在Java中)? - How to retrieve temporary AWS credentials from Amazon using IAM role associated with the EC2 instance(in java)? 使用基本凭证访问EC2实例 - Access EC2 Instance using Basic Credentials AWS EC2 IAM 角色凭证 - AWS EC2 IAM Role Credentials 使用Terraform将现有IAM角色添加到EC2实例 - Added existing IAM role to EC2 instance using Terraform 使用 terraform 将 IAM 角色附加到现有 EC2 实例 - Attach IAM role to existing EC2 instance using terraform 在多个 AWS 账户上使用 IAM 角色启动 EC2 实例 - Launch EC2 Instance using IAM Role on Multiple AWS accounts 具有跨账户 IAM 角色的 EC2 实例 - EC2 instance with a cross account IAM role 带有IAM角色的EC2实例的AccessDenied - AccessDenied for EC2 Instance with attached IAM Role 如何将IAM角色应用于EC2实例? - How to apply IAM Role to EC2 instance?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM