[英]An error occurred (UnauthorizedOperation) when calling the DescribeLaunchTemplates operation?
我正在尝试使用 ansible 在我的 AWS 自动缩放组中部署启动模板! 这是我的脚本
- name: base64 conversion
command: base64 -w 0 roles/inspect/tasks/user_data_cs.sh
register: userdata
- debug:
var: userdata.stdout
#To deploy the user data in lauch template
- name: User data deployment
ec2_launch_template:
name: "{{ LT_name }}"
image_id: "ami-##########"
key_name: "aws-dev"
block_device_mappings:
- device_name: "/dev/sdb"
ebs:
volume_size: 20
encrypted: true
- device_name: "/dev/xvda"
ebs:
volume_size: 10
volume_type: gp2
delete_on_termination: yes
encrypted: true
default_version: 1
ebs_optimized: no
iam_instance_profile: "aws-ec2-role"
network_interfaces:
- device_index : 0
delete_on_termination: yes
associate_public_ip_address: no
groups: ["sg-##########"]
instance_type: t3.small
user_data: "{{ userdata.stdout }}"
when: name_env == "dev"
它显示错误
TASK [inspect: User data deployment] ****************************************** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (UnauthorizedOperation) when calling the DescribeLaunchTemplates operation: You are not authorized to perform this operation. [WARNING]: The value 1 (type int) in a string field was converted to '1' (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. fatal: [127.0.0.1]: FAILED: => {"boto3_version". "1.24,38": "botocore_version". "1.27,38": "changed", false: "error": {"code", "UnauthorizedOperation": "message". "You are not authorized to perform this operation,"}: "msg". "Could not check existing launch templates. This may be an IAM permission problem:: An error occurred (UnauthorizedOperation) when calling the DescribeLaunchTemplates operation. You are not authorized to perform this operation,": "response_metadata": {"http_headers": {"cache-control", "no-cache, no-store": "content-type"; "text/xml,charset=UTF-8": "date", "Thu: 05 Jan 2023 13:17,02 GMT": "server", "AmazonEC2": "strict-transport-security"; "max-age=31536000, includeSubDomains": "transfer-encoding", "chunked": "vary", "accept-encoding": "x-amzn-requestid", "c0cd0411-c88e-4569-bd91-21dd46708224"}: "http_status_code", 403: "request_id", "c0cd0411-c88e-4569-bd91-21dd46708224": "retry_attempts": 0}}
这是我的 IAM permssions:似乎没有作为“DescribeLaunchTemplate”的动作我尝试使用自动缩放:DescribeLaunchTemplate elasticloadbalancing:DescribeLaunchTemplate application-autoscaling:DescribeLaunchTemplate 也只有 DescribeLaunchTemplate
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:CreateOrUpdateTags"
],
"Resource": "*"
}
]
}
和
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DeleteScalingPolicy",
"elasticloadbalancing:DescribeLoadBalancers",
"autoscaling:DescribeAutoScalingGroups",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"elasticloadbalancing:DescribeTargetGroups",
"autoscaling:DescribeLoadBalancerTargetGroups",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:DeregisterScalableTarget"
],
"Resource": "*"
}
]
}
我还尝试添加“DescribeLaunchTemplates”,但似乎没有像使用 asg 和所有内容检查的那样对 IAM 采取任何行动。
添加
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions"
解决了这个问题
调用 PutSubscriptionFilter 操作时发生错误(InvalidParameterException)
[英]An error occurred (InvalidParameterException) when calling the PutSubscriptionFilter operation
调用HeadObject操作时出现错误(404):Key“”不存在
[英]An error occurred (404) when calling the HeadObject operation: Key "" does not exist
调用 UploadServerCertificate 操作时发生客户端错误(SignatureDoesNotMatch)
[英]A client error (SignatureDoesNotMatch) occurred when calling the UploadServerCertificate operation
Amazon Lex 错误:调用 PutIntent 操作时发生错误 (BadRequestException):RelativeId 与 Lex ARN 格式不匹配
[英]Amazon Lex Error: An error occurred (BadRequestException) when calling the PutIntent operation: RelativeId does not match Lex ARN format
Collectstatic 失败 - botocore.exceptions.ClientError:调用 HeadObject 操作时发生错误 (404):未找到
[英]Collectstatic failing - botocore.exceptions.ClientError: An error occurred (404) when calling the HeadObject operation: Not Found
AWS System Manager 启动 session:调用 StartSession 操作时发生错误 (TargetNotConnected):<instance_id> 未连接</instance_id>
[英]AWS System Manager start session: An error occurred (TargetNotConnected) when calling the StartSession operation: <instance_id> is not connected
botocore.exceptions.ClientError调用GetObject操作时发生错误(SignatureDoesNotMatch)
[英]botocore.exceptions.ClientError An error occurred (SignatureDoesNotMatch) when calling the GetObject operation
AWS Lambda python boto3 dynamodb 表扫描 - 调用扫描操作时发生错误(ValidationException):ExpressionAttributeNames
[英]AWS Lambda python boto3 dynamodb table scan - An error occurred (ValidationException) when calling the Scan operation: ExpressionAttributeNames
AWS S3 Boto3 Python - 调用 DeleteObject 操作时发生错误 (AccessDenied):拒绝访问
[英]AWS S3 Boto3 Python - An error occurred (AccessDenied) when calling the DeleteObject operation: Access Denied
ClientError:调用HeadObject操作时发生错误(403):尝试上传视频时被禁止
[英]ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden when trying to upload video
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.