AWS CloudWatch 代理:NoCredentialsError:无法找到凭证
[英]AWS CloudWatch Agent: NoCredentialsError: Unable to locate credentials
问题描述
I am receiving the following errors in the EC2 CloudWatch Agent logs, /var/logs/awslogs.log :
我在 EC2 CloudWatch 代理日志/var/logs/awslogs.log中收到以下错误:
I verified the EC2 has a role:我验证了 EC2 的作用:
And the role has the correct policies:并且该角色具有正确的策略:
I have set the correct region in /etc/awslogs/awscli.conf:我在 /etc/awslogs/awscli.conf 中设置了正确的区域:
I noticed that running aws configure list in the EC2 gives this:我注意到在 EC2 中运行aws configure list会给出:
Is this incorrect?这是不正确的吗? Should it list the profile (EC2_Cloudwatch_Profile) there?它应该在那里列出配置文件(EC2_Cloudwatch_Profile)吗?
1 个解决方案
解决方案1
0 2022-08-20 01:29:45
I was using terraform and reprovisioning by doing:我正在使用 terraform 并通过以下方式重新配置:
terraform destroy && terraform apply
Looks like due to IAM being a global service it is "eventually consistent" and not "immediately consistent", when the profile instance was destroyed, the terraform apply began too quickly.看起来由于 IAM 是一项全球服务,它“最终一致”而不是“立即一致”,当配置文件实例被销毁时, terraform apply开始得太快了。 Despite the "destroy" being complete, the arn for the previous profile instance was still there, and was re-used.尽管“销毁”已完成,但前一个配置文件实例的 arn 仍然存在,并被重新使用。 However, the ID changed to a new ID.但是,该 ID 已更改为新 ID。
Replacing the EC2 would bring it up to speed with the correct ID.更换 EC2 将使用正确的 ID 使其加速。 However, my solution is to just wait longer between terraform destroy and apply.但是,我的解决方案是在 terraform 销毁和应用之间等待更长时间。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.