使用云形成将文件从 S3 存储桶复制到 EC2 主目录
[英]Copy file(s) from S3 bucket to EC2 home using cloud formation
问题描述
I am trying to copy a file from S3 bucket to EC2 home directory.
我正在尝试将文件从 S3 存储桶复制到 EC2 主目录。 I wrote a script using help from this SOF Answer我使用此SOF Answer的帮助编写了一个脚本
However in my case the script is getting executed without any errors but I am unable to see the file getting copied in my instance.但是,在我的情况下,脚本正在执行而没有任何错误,但我无法在我的实例中看到文件被复制。 Can someone help me figure out what am I missing.有人可以帮我弄清楚我错过了什么。
Cloud formation script:云形成脚本:
Properties:
ImageId: !FindInMap [Region2AMI, !Ref 'AWS::Region', 'AMI']
InstanceType: t2.micro
SecurityGroups:
- !Ref WebserverSecurityGroup
Tags:
- Key: Name
Value: Amazon Linux w/ nginx included -2
KeyName: !Ref KeyName
UserData:
'Fn::Base64': !Sub |
#!/bin/bash -x
yum update -y aws-cfn-bootstrap
sudo yum install git -y
sudo yum update -y
sudo yum install nginx -y
sudo service nginx enable
sudo service nginx start
mkdir /home/ec2-user/s3-dist
aws s3 cp s3://ai-dashboard-bucket/dist.zip /tmp
unzip -d /home/ec2-user/s3-dist /tmp/dist.zip
/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region} --configSets InstallAndConfig
Edit: I checked the logs file and this is error I am getting.编辑:我检查了日志文件,这是我得到的错误。 I checked the logs and found the following error我检查了日志,发现以下错误
aws s3 sync s3://ai-dashboard-bucket/dist.zip /home/ec2-user fatal error: Unable to locate credentials
How do I pass credentials?我如何通过凭据?
Thanks for the help.谢谢您的帮助。
1 个解决方案
解决方案1
1 2021-03-06 19:08:14
Looks like the IAM instance profile doesn't have the permissions to access objects in ai-dashboard-bucket .看起来 IAM 实例配置文件没有访问ai-dashboard-bucket中对象的权限。
Try adding an IAM Instance profile to your EC2 instance尝试将 IAM 实例配置文件添加到您的 EC2 实例
Resources:
InstanceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
Policies:
- PolicyName: root
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action: 's3:Get*'
Resource: !Sub 'arn:${AWS::Partition}:s3:::ai-dashboard-bucket/*'
InstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Roles:
- !Ref InstanceRole
Ec2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: !FindInMap [Region2AMI, !Ref 'AWS::Region', 'AMI']
InstanceType: t2.micro
IamInstanceProfile: !GetAtt InstanceRole.Arn # Using the role created above
SecurityGroups:
- !Ref WebserverSecurityGroup
Tags:
- Key: Name
Value: Amazon Linux w/ nginx included -2
KeyName: !Ref KeyName
UserData:
'Fn::Base64': !Sub |
#!/bin/bash -x
yum update -y aws-cfn-bootstrap
sudo yum install git -y
sudo yum update -y
sudo yum install nginx -y
sudo service nginx enable
sudo service nginx start
mkdir /home/ec2-user/s3-dist
aws s3 cp s3://ai-dashboard-bucket/dist.zip /tmp
unzip -d /home/ec2-user/s3-dist /tmp/dist.zip
/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region} --configSets InstallAndConfig
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.