
Starting EC2 instance with boto3 in a Chalice app is not working

I'm having an issue using boto3 to start EC2 instances from a Lambda deployed by Chalice.

The relevant code is this:

import logging

import boto3
from chalice import ChaliceViewError

# params comes from the incoming request (not shown in the post)
resource = boto3.resource('ec2')
instance = resource.Instance(params['instance_id'])
if params['action'] == 'run':
    try:
        # start() returns once EC2 has accepted the request
        response = instance.start()
    except BaseException as be:
        logging.exception("Error: Failed to start instance " + str(be))
        raise ChaliceViewError("Internal error at server side")
else:
    try:
        response = instance.stop(Force=True)
    except BaseException as be:
        logging.exception("Error: Failed to stop instance " + str(be))
        raise ChaliceViewError("Internal error at server side")

The request appears to succeed. For instance, in 2 cases where the "start()" method was called the boto3 response was this:

{"Status":{"StartingInstances":[{"CurrentState":{"Code":0,"Name":"pending"},"InstanceId":"i-0129bb4079559e5bc","PreviousState":{"Code":80,"Name":"stopped"}}],"ResponseMetadata":{"RequestId":"d88a9fbc-f2f2-4c51-9629-30a63c7e753b","HTTPStatusCode":200,"HTTPHeaders":{"x-amzn-requestid":"d88a9fbc-f2f2-4c51-9629-30a63c7e753b","content-type":"text/xml;charset=UTF-8","content-length":"579","date":"Wed, 23 Sep 2020 16:59:40 GMT","server":"AmazonEC2"},"RetryAttempts":0}}}

The other response is this:

{"Status":{"StartingInstances":[{"CurrentState":{"Code":0,"Name":"pending"},"InstanceId":"i-0129bb4079559e5bc","PreviousState":{"Code":80,"Name":"stopped"}}],"ResponseMetadata":{"RequestId":"2bde553a-87f1-4fe0-a13a-8b4db4c0dbbc","HTTPStatusCode":200,"HTTPHeaders":{"x-amzn-requestid":"2bde553a-87f1-4fe0-a13a-8b4db4c0dbbc","content-type":"text/xml;charset=UTF-8","content-length":"579","date":"Wed, 23 Sep 2020 17:07:58 GMT","server":"AmazonEC2"},"RetryAttempts":0}}}

However, in both cases the instance did not start; the instance state in the AWS Console stayed at "stopped".

When I tried the same code snippet in a Python console, it worked, and the instance started successfully:

>>> import boto3
>>> resource = boto3.resource('ec2')
>>> instance = resource.Instance('i-0129bb4079559e5bc')
>>> response = instance.start()
>>> response
{'StartingInstances': [{'CurrentState': {'Code': 0, 'Name': 'pending'}, 'InstanceId': 'i-0129bb4079559e5bc', 'PreviousState': {'Code': 80, 'Name': 'stopped'}}], 'ResponseMetadata': {'RequestId': '535224cc-21d8-45fa-a4a2-0ac984cdfe9a', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '535224cc-21d8-45fa-a4a2-0ac984cdfe9a', 'content-type': 'text/xml;charset=UTF-8', 'content-length': '579', 'date': 'Wed, 23 Sep 2020 17:05:10 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}}

Has anyone seen this behavior before? Is there something obvious I'm missing?

I ended up going to AWS support with this question.

The machines that I was trying to start had been migrated from another AWS account and had their backing EBS volumes encrypted using a KMS key. The Lambda execution role needs access to use the KMS key in order to start the EC2 instance.

At the suggestion of the AWS tech, I added this statement to the KMS Key policy:

{
   "Sid": "Allow Lambda role use of the CMK",
   "Effect": "Allow",
   "Principal": {
       "AWS": [
           "<REPLACE WITH LAMBDA-EXECUTION-ROLE-ARN>"
       ]
   },
   "Action": [
       "kms:Encrypt",
       "kms:Decrypt",
       "kms:ReEncrypt*",
       "kms:GenerateDataKey*",
       "kms:DescribeKey",
       "kms:CreateGrant"
   ],
   "Resource": "*"
}

Once this was in place, the instance started successfully.

The one outstanding question I have (and I will update this answer if I receive it) is why the boto3 start operation returned a success if the Lambda didn't have permissions.
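
The responses above show `start()` returning "pending" while the instance later sat at "stopped", so a caller that needs the real outcome has to check the state afterwards. This is an added example, not code from the original post: `start_and_verify`, `FakeEC2` and the sample state data (including the reason code and message) are constructed for illustration, and a real call would pass `boto3.client("ec2")` instead of the fake.

```python
import time


def start_and_verify(ec2, instance_id, timeout=120, interval=5, sleep=time.sleep):
    """Start an instance, then poll until it is 'running' or has fallen back.

    ec2 is an EC2 client such as boto3.client("ec2"). A 200 reply from
    start_instances only reports the 'pending' transition; the outcome
    is read back from describe_instances. Returns (ok, detail).
    """
    ec2.start_instances(InstanceIds=[instance_id])
    waited = 0
    while waited < timeout:
        sleep(interval)  # also gives describe_instances time to reflect the start
        waited += interval
        reply = ec2.describe_instances(InstanceIds=[instance_id])
        inst = reply["Reservations"][0]["Instances"][0]
        state = inst["State"]["Name"]
        if state == "running":
            return True, "running"
        if state != "pending":
            # Left 'pending' without reaching 'running': surface EC2's stated reason.
            reason = inst.get("StateReason", {})
            detail = f"{state}: {reason.get('Code', '?')} {reason.get('Message', '')}"
            return False, detail.strip()
    return False, "still pending after %ds" % timeout


class FakeEC2:
    """Constructed stand-in for the client so the example runs offline."""

    def __init__(self, states):
        self.states = list(states)  # instance dicts, one returned per poll

    def start_instances(self, InstanceIds):
        return {"StartingInstances": [{"CurrentState": {"Code": 0, "Name": "pending"}}]}

    def describe_instances(self, InstanceIds):
        inst = self.states.pop(0) if len(self.states) > 1 else self.states[0]
        return {"Reservations": [{"Instances": [inst]}]}


# Constructed sample data: one 'pending' poll, then a fall back to 'stopped'.
PENDING = {"State": {"Code": 0, "Name": "pending"}}
FELL_BACK = {"State": {"Code": 80, "Name": "stopped"},
             "StateReason": {"Code": "Client.InternalError",
                             "Message": "Client error on launch"}}

if __name__ == "__main__":
    fake = FakeEC2([PENDING, FELL_BACK])
    print(start_and_verify(fake, "i-EXAMPLE", sleep=lambda s: None))
```

Run from a Lambda, the execution role also needs `ec2:DescribeInstances`, and `timeout` has to fit inside the function's own time limit.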
