cfn-init 错误:无法检索远程元数据:无凭据
[英]cfn-init error: Unable to retrieve remote metadata : No credentials
问题描述
I have a test template that downloads a single non-public file from an S3 bucket, using cfn-init and an AWS::CloudFormation::Authentication and AWS::CloudFormation::Init sections.
我有一个测试模板,它使用cfn-init和AWS::CloudFormation::Authentication和AWS::CloudFormation::Init部分从 S3 存储桶下载单个非公共文件。
This runs successfully on an Amazon AMI, but on an Ubuntu AMI, it fails with this error:这在 Amazon AMI 上成功运行,但在 Ubuntu AMI 上失败并显示以下错误:
WARNING [2017-10-29 12:01:03,541] Unable to retrieve remote metadata : No credentials!
WARNING [2017-10-29 12:01:03,541] Unable to open local metadata : /var/cache/heat-cfntools/last_metadata
WARNING [2017-10-29 12:01:03,542] Unable to open local metadata : /var/lib/heat-cfntools/cfn-init-data
ERROR [2017-10-29 12:01:03,542] Unable to read any valid metadata!
ERROR [2017-10-29 12:01:03,542] Error processing metadata
Traceback (most recent call last):
File "/usr/bin/cfn-init", line 68, in
metadata.cfn_init()
File "/usr/lib/python2.7/dist-packages/heat_cfntools/cfntools/cfn_helper.py", line 1270, in cfn_init
raise Exception("invalid metadata")
Exception: invalid metadata
The full template - https://pastebin.com/e072d5GF .完整模板 - https://pastebin.com/e072d5GF 。
I found a similar question on Launchpad , but it has no answer.我在 Launchpad 上发现了一个类似的问题,但没有答案。
Edit : This is the output from curl 169.254.169.254/latest/meta-data/iam/info/ :编辑:这是curl 169.254.169.254/latest/meta-data/iam/info/的输出:
{
"Code" : "InstanceProfileNotFound",
"Message" : "Instance Profile with Id AIPAJWC744OTCCS55JMTW cannot be found. Please see documentation at http://docs.amazonwebservices.com/IAM/latest/UserGuide/RolesTroubleshooting.html.",
"LastUpdated" : "2017-10-29T12:26:01Z"
}
1 个解决方案
解决方案1
1 2017-11-09 11:17:13
You are specifying a role named "s3access", however you are not declaring it.您指定了一个名为“s3access”的角色,但是您没有声明它。 If it doesn't exist already you need to create it.如果它不存在,则需要创建它。
Add this inside Resources, and change Bucket_Name (2 entries) and Path_Name (1 entry) to match your configuration:在资源中添加它,并更改 Bucket_Name(2 个条目)和 Path_Name(1 个条目)以匹配您的配置:
"s3access": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": ["ec2.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "S3_Read",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [{
"Fn::Join": ["", ["arn:aws:s3:::", "Bucket_Name", "/Path_Name/*"]]
}, ]
},
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": [{
"Fn::Join": ["", ["arn:aws:s3:::", "Bucket_Name"]]
}]
}
]
}
}]
}
} }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.