堆栈内存溢出
  简体   繁体   English

AWS 故障注入模拟器返回“未授权执行所需操作”。

[英]AWS Fault Injection Simulator returning 'Not authorized to perform the required action.'

 原文  2022-02-14 07:20:40       amazon-web-services/ aws-fis

问题描述

I am trying to use AWS FIS to stress CPU on an ubuntu VM thru ssm send command ( aws:ssm:send-command/AWSFIS-Run-CPU-Stress ).我正在尝试使用 AWS FIS 通过 ssm 发送命令 ( aws:ssm:send-command/AWSFIS-Run-CPU-Stress ) 对 ubuntu VM 上的 CPU 施加压力。

When I ssh to the VM and use 'top' command I see the CPU shooting up successfully from 0.3% to 99.9% but surprisingly the FIS experiment ends up in 'failed' state with a tag:'Not authorized to perform the required action'.当我 ssh 到 VM 并使用“top”命令时,我看到 CPU 成功地从 0.3% 上升到 99.9%,但令人惊讶的是,FIS 实验最终以“失败”state 结束,标签为:“未授权执行所需的操作” .

Since the cpu definitely increased and I even see COMMAND name 'stress-ng-cpu' against the 99.9% cpu entry, any idea why it is still saying 'not authorized' and ending up in failed status?由于 cpu 确实增加了,我什至在 99.9% 的 cpu 条目上看到了命令名称“stress-ng-cpu”,知道为什么它仍然说“未授权”并最终处于失败状态吗?

Thanks.谢谢。

2 个解决方案

解决方案1
 1 已采纳  2022-02-14 11:21:13

It worked after I completely removed mine and applied the permissions as shown here: https://chaos-engineering.workshop.aws/en/030_basic_content/030_basic_experiment/10-permissions.html在我完全删除我的并应用如下所示的权限后它起作用了: https://chaos-engineering.workshop.aws/en/030_basic_content/030_basic_experiment/10-permissions.html

Posting this for the benefit of others who might run into similar issues.发布此内容是为了其他可能遇到类似问题的人的利益。

解决方案2
 0  2022-12-28 21:29:36

The issue was probably a missing permission in the role, most likely ssm:ListCommands or ssm:CancelCommand , which are required by the aws:ssm:send-command action ( https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html#ssm-actions-reference )问题可能是角色缺少权限,很可能是ssm:ListCommandsssm:CancelCommand ,这是aws:ssm:send-command操作所必需的 ( https://docs.aws.amazon.com/fis/latest /userguide/fis-actions-reference.html#ssm-actions-reference )

If you only have ssm:SendCommand permission, the action will be able to start (and inject the fault), but then it will fail either when checking the state of the running experiment, or when trying to stop the experiment.如果您只有ssm:SendCommand权限,该操作将能够启动(并注入错误),但是在检查正在运行的实验的 state 或尝试停止实验时,它将失败。

The FIS experiment will end up in failed state, but the SSM document will keep running until the provided duration is reached. FIS 实验将以失败 state 结束,但 SSM 文档将继续运行,直到达到提供的持续时间。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 用户在调用 cronjob 时无权执行此操作 - User not authorized to perform this action when calling a cronjob GlueJobRunnerSession 无权执行:lakeformation:GetDataAccess on resource - GlueJobRunnerSession is not authorized to perform: lakeformation:GetDataAccess on resource AWS API 网关:用户:匿名无权执行:execute-api:调用资源:arn:aws:execute-api: - AWS API Gateway: User: anonymous is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api: 用户无权执行:dynamodb:GetItem - User is not authorized to perform: dynamodb:GetItem 尝试删除用户时,我的 AWS Educate 账户收到“您没有执行此操作所需的权限”? - When trying to delete a user I'm getting "You do not have the permission required to perform this operation" on my AWS Educate Account? 在 Ubuntu AWS 的自定义用户下安装 authorized_keys 文件 - Installing authorized_keys file under custom user for Ubuntu AWS 用户无权执行:dynamodb:PutItem on resource - User is not authorized to perform: dynamodb:PutItem on resource 启动源实例时出错:UnauthorizedOperation:您无权执行此操作 - Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation AWS RDS SDK 从 AWS 控制台返回差异 - AWS RDS SDK returning difference from AWS Console AWS api 网关在响应正文中返回令牌 - AWS api gateway returning token in the response body
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM