使用 Ansible 创建 AWS S3 存储桶
[英]creating AWS S3 bucket with Ansible
问题描述
Below is my yml file to create S3 bucket.
下面是我创建 S3 存储桶的 yml 文件。 For security purpose i have not pasted here actual aws_access_key and aws_secret_key just showing them as ***** in the snippet below.出于安全目的,我没有在此处粘贴实际的 aws_access_key 和 aws_secret_key,只是在下面的代码片段中将它们显示为 *****。 I have installed boto3, boto,AWS CLI on the Ec2 instance which is having Ansible installed on it.我已经在安装了 Ansible 的 Ec2 实例上安装了 boto3、boto、AWS CLI。
---
- hosts: localhost
tasks:
- name: Create an S3 bucket
become: true
aws_s3: aws_access_key=****** aws_secret_key=**** bucket=testbuck mode=create permission=public-read region=us-east-1
when i execute above yml file using ansible-playbook command then it gives exception as shown below.当我使用 ansible-playbook 命令执行上面的 yml 文件时,它会给出如下所示的异常。 Please help me to fix this issue so that a S3 bucket with name "testbuck" gets created.请帮我解决这个问题,以便创建一个名为“testbuck”的 S3 存储桶。
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (403) when calling the HeadBucket operation: Forbidden
fatal: [localhost]: FAILED! => {"boto3_version": "1.10.44", "botocore_version": "1.13.44", "changed": false, "error": {"code": "403", "message": "Forbidden"}, "msg": "Failed while looking up bucket (during bucket_check) testbuck.: An error occurred (403) when calling the HeadBucket operation: Forbidden", "response_metadata": {"host_id": "OmIY2bLkh4T4JwxD/UJsM47n7oUUS6ttEL9ZMl+vv66bVsLcwQuP2pzAGr05m1LdtznYudrrapk=", "http_headers": {"content-type": "application/xml", "date": "Fri, 17 Jan 2020 16:54:49 GMT", "server": "AmazonS3", "transfer-encoding": "chunked", "x-amz-bucket-region": "us-east-1", "x-amz-id-2": "OmIY2bLkh4T4JwxD/UJsM47n7oUUS6ttEL9ZMl+vv66bVsLcwQuP2pzAGr05m1LdtznYudrrapk=", "x-amz-request-id": "51740FB276A10A18"}, "http_status_code": 403, "request_id": "51740FB276A10A18", "retry_attempts": 0}}
3 个解决方案
解决方案1
1 2020-01-18 16:41:31
By default the Ansible command runs with check if a bucket exists before creating it.默认情况下,Ansible 命令运行时会在创建存储桶之前检查存储桶是否存在。 Maybe the IAM user you use doesn't have the permissions to check if the bucket exists.也许您使用的 IAM 用户没有检查存储桶是否存在的权限。 Try to add:尝试添加:
aws_s3: ... ignore_nonexistent_bucket: True
Or grant the s3:ListBucket permission to the user.或者向用户授予s3:ListBucket权限。
解决方案2
0 2021-06-21 10:58:31
You should need to check whether s3:ListBucket access is there.您应该需要检查是否存在s3:ListBucket访问权限。 This is the official s3 documentation https://docs.aws.amazon.com/en_us/AmazonS3/latest/API/API_HeadBucket.html这是官方 s3 文档https://docs.aws.amazon.com/en_us/AmazonS3/latest/API/API_HeadBucket.html
解决方案3
0 2021-06-21 12:55:41
The HeadBucket action is to check if an s3 bucket exists and you have permissions to it. HeadBucket操作是检查 s3 存储桶是否存在以及您是否有权访问它。 To use this operation your IAM role/user must have the ability to perform s3:ListBucket action.要使用此操作,您的 IAM 角色/用户必须能够执行s3:ListBucket操作。 The bucket owner has this permission by default and grant this permission to other.桶拥有者默认拥有此权限,并将此权限授予其他人。 For more information refer to the s3 official documentation https://docs.aws.amazon.com/en_us/AmazonS3/latest/API/API_HeadBucket.html有关更多信息,请参阅 s3 官方文档https://docs.aws.amazon.com/en_us/AmazonS3/latest/API/API_HeadBucket.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.