
ECS Windows Optimized AMI Enable IAM Tasks Roles

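I need to enable task roles for Windows containers. My cluster was launched through the ECS console:

AMI: Windows_Server-2019-English-Full-ECS_Optimized-2020.12.11

UserData (changed from the original data created through the ECS console):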

<powershell>
[Environment]::SetEnvironmentVariable("ECS_ENABLE_TASK_IAM_ROLE", $TRUE, "Machine")
[Environment]::SetEnvironmentVariable("ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST", $TRUE, "Machine")
Initialize-ECSAgent -Cluster cluster -EnableTaskIAMRole -LoggingDrivers '["json-file","awslogs"]'
</powershell>

EC2 role: full administrator

Security group: all TCP open

ECS agent logs:

Proxy Credentials rules are created:

2021-01-14T11:16:56Z - [INFO]:Firewall rule found.
Name          Value
----          -----
Direction     Inbound
LocalPort     51679
DisplayName   Allow Inbound Port 51679
Protocol      TCP
Action        Allow
2021-01-14T11:16:56Z - [INFO]:Firewall rule found.
Name          Value
----          -----
Action        Allow
DisplayName   Allow Inbound 169.254.170.2:80
LocalPort     80
Direction     Inbound
LocalAddress  169.254.170.2
Protocol      TCP
2021-01-14T11:17:01Z - [INFO]:netsh interface portproxy show all
2021-01-14T11:17:01Z - [INFO]:
2021-01-14T11:17:01Z - [INFO]:Setting up new ipv4 interface proxy to forward traffic...
2021-01-14T11:17:01Z - [INFO]: from 169.254.170.2:80
2021-01-14T11:17:01Z - [INFO]: to 127.0.0.1:51679
2021-01-14T11:17:01Z - [INFO]:
2021-01-14T11:17:01Z - [INFO]:Checking port forwarding...
2021-01-14T11:17:04Z - [INFO]:netsh interface portproxy show all
2021-01-14T11:17:04Z - [INFO]:
2021-01-14T11:17:04Z - [INFO]:Listen on ipv4:             Connect to ipv4:
2021-01-14T11:17:04Z - [INFO]:
2021-01-14T11:17:04Z - [INFO]:Address         Port        Address         Port
2021-01-14T11:17:04Z - [INFO]:--------------- ----------  --------------- ----------
2021-01-14T11:17:04Z - [INFO]:169.254.170.2   80          127.0.0.1       51679
2021-01-14T11:17:04Z - [INFO]:
2021-01-14T11:17:04Z - [INFO]:TcpTestSucceeded: True
2021-01-14T11:17:04Z - [INFO]:Port forwarding setup complete.
2021-01-14T11:17:04Z - [INFO]:ECS Host setup complete.
2021-01-14T11:17:04Z - [INFO]:Creating Initialize-ECSHostReboot ScheduledTask
2021-01-14T11:17:05Z - [INFO]:ScheduledTask Initialize-ECSHostReboot created.
2021-01-14T11:17:05Z - [INFO]:Task IAM role is enabled. Changing AmazonECS service startup to Manual.

Troubleshooting commands:

Command: netsh interface portproxy show all

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
169.254.170.2   80          127.0.0.1       51679


Command: netstat -an | select-string 169.254.170.2

  TCP    169.254.170.2:80       0.0.0.0:0              LISTENING


Command: ping 169.254.170.2
Pinging 169.254.170.2 with 32 bytes of data:
Reply from 169.254.170.2: bytes=32 time<1ms TTL=128
Reply from 169.254.170.2: bytes=32 time<1ms TTL=128
Reply from 169.254.170.2: bytes=32 time<1ms TTL=128

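Expected behavior: my ECS instance gets the attribute com.amazonaws.ecs.capability.task-iam-role so that it is able to run the task.

Observed behavior: the ECS instance does not get this attribute.

Any help would be appreciated.

Thanks a lot.

After more research, I ran aws ecs list-attributes and noticed that com.amazonaws.ecs.capability.task-iam-role was fine, and that the missing attribute was ecs.capability.execution-role-awslogs; setting the ECS_ENABLE_AWSLOGS_EXECUTIONROLE_OVERRIDE environment variable fixed the problem.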
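The check described in the follow-up above, written out as an added example that is not part of the original post: it compares the attributes a task definition requires with the attributes each container instance has registered and reports what is missing. The JSON inputs are constructed samples shaped like the output of `aws ecs describe-task-definition` and `aws ecs list-attributes`; the instance ARN is a placeholder, and the hint table holds only the attribute-to-setting pairing reported on this page.

```python
import json

# Constructed sample shaped like `aws ecs describe-task-definition` output.
TASK_DEF_JSON = """{"taskDefinition": {"family": "example-task", "requiresAttributes": [
  {"name": "com.amazonaws.ecs.capability.task-iam-role"},
  {"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"},
  {"name": "ecs.capability.execution-role-awslogs"}]}}"""

# Constructed sample shaped like
# `aws ecs list-attributes --cluster cluster --target-type container-instance`.
INSTANCE = "arn:aws:ecs:us-east-1:111122223333:container-instance/EXAMPLE"  # placeholder
LIST_ATTRS_JSON = json.dumps({"attributes": [
    {"name": "com.amazonaws.ecs.capability.task-iam-role", "targetId": INSTANCE},
    {"name": "com.amazonaws.ecs.capability.logging-driver.awslogs", "targetId": INSTANCE},
]})

# Attribute -> agent setting. Only the pairing reported on this page is listed.
AGENT_SETTING_HINTS = {"ecs.capability.execution-role-awslogs": "ECS_ENABLE_AWSLOGS_EXECUTIONROLE_OVERRIDE"}

def required_attributes(task_def_json):
    """Attribute names an instance must have before the task can be placed on it."""
    task_def = json.loads(task_def_json)["taskDefinition"]
    return {attr["name"] for attr in task_def.get("requiresAttributes", [])}

def attributes_by_instance(list_attrs_json):
    """Map each container instance ARN to the attribute names it registered."""
    registered = {}
    for attr in json.loads(list_attrs_json).get("attributes", []):
        registered.setdefault(attr["targetId"], set()).add(attr["name"])
    return registered

def missing_attributes(task_def_json, list_attrs_json):
    """Per instance, the required attributes it lacks (matched by name only)."""
    required = required_attributes(task_def_json)
    return {arn: sorted(required - names)
            for arn, names in attributes_by_instance(list_attrs_json).items()}

def report(task_def_json, list_attrs_json):
    """One human-readable line per missing attribute, with a setting hint if known."""
    lines = []
    for arn, missing in missing_attributes(task_def_json, list_attrs_json).items():
        for name in missing:
            hint = AGENT_SETTING_HINTS.get(name, "no hint recorded")
            lines.append(f"{arn}: missing {name} (agent setting: {hint})")
    return lines

if __name__ == "__main__":
    print("\n".join(report(TASK_DEF_JSON, LIST_ATTRS_JSON)))
```

To use it against a real cluster, save the two CLI outputs to files and pass their contents to `report` in place of the constructed samples.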
