Elastic beanstalk instance cannot access private S3 file
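I am trying to set up an AWS Elastic Beanstalk single instance with SSL, and I want to store the private key in S3 and have the instance retrieve the key after deployment (to avoid committing the private key to version control).
Following the AWS documentation at http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-storingprivatekeys.html, I have set up my configuration, stored in myproject/.ebextensions/privatekey.config: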
Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["my_bucket"]
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"
files:
  # Private key
  /path/to/private/key:
    mode: "000400"
    owner: root
    group: root
    authentication: "S3Auth"
    source: https://s3.eu-west-2.amazonaws.com/my_s3_bucket/my_private_key
However, whenever I deploy, I get the error: Command failed on instance. Return code: 1 Output: Failed to retrieve https://s3.eu-west-2.amazonaws.com/my_bucket/my_private_key: 'NoneType' object has no attribute 'is_default'.
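I have checked the configuration in Elastic Beanstalk, and the project has the instance profile aws-elasticbeanstalk-ec2-role, and this role definitely has the correct policy for S3 (I have even assigned it AmazonS3FullAccess, which is not necessary!)
When I test with a publicly accessible file, I can get it to work. However, when the file is private.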
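I ran into this problem with an EC2 instance in the eu-west-2 region. I could not reproduce it in other regions.
If you run into this problem and your EC2 instance is in the eu-west-2 region, try working around it by simply reformatting the URL: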
Instead of: https://s3.eu-west-2.amazonaws.com/elasticbeanstalk-eu-west-2-XXXXXXXXX/yourfolderpath/server.key
Try: https://elasticbeanstalk-eu-west-2-XXXXXXXXX.s3-eu-west-2.amazonaws.com/yourfolderpath/server.key
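An added example (not from the original posts or from AWS): a small Python check that classifies each S3Auth-fetched `source` URL as path-style or virtual-hosted-style, rewrites path-style URLs to the form the answer suggests, and flags a source bucket that is missing from the `buckets` list. The function names and the dict layout are assumptions; the sample input is constructed from the question's config, which names `my_bucket` in one place and `my_s3_bucket` in another.

```python
import re
from urllib.parse import urlsplit

# Path-style:           https://s3.<region>.amazonaws.com/<bucket>/<key>
# Virtual-hosted-style: https://<bucket>.s3-<region>.amazonaws.com/<key>
PATH_HOST = re.compile(r"^s3[.-](?P<region>[a-z0-9-]+)\.amazonaws\.com$")
VHOST = re.compile(r"^(?P<bucket>.+)\.s3[.-](?P<region>[a-z0-9-]+)\.amazonaws\.com$")

def parse_s3_url(url):
    """Return (style, bucket, region, key) for a regional S3 HTTPS URL."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path.lstrip("/")
    m = PATH_HOST.match(host)
    if m:
        bucket, _, key = path.partition("/")
        return "path", bucket, m["region"], key
    m = VHOST.match(host)
    if m:
        return "virtual-hosted", m["bucket"], m["region"], path
    raise ValueError(f"not a regional S3 URL: {url}")

def to_virtual_hosted(url):
    """Rewrite a URL to the bucket-in-hostname form used in the answer."""
    _, bucket, region, key = parse_s3_url(url)
    return f"https://{bucket}.s3-{region}.amazonaws.com/{key}"

def lint_files(auth, files):
    """Return (path, message) findings for files fetched with an S3 auth entry."""
    findings = []
    for path, spec in files.items():
        entry = auth.get(spec.get("authentication"))
        if entry is None:
            continue  # no S3 auth entry referenced, nothing to check
        style, bucket, _, _ = parse_s3_url(spec["source"])
        if bucket not in entry["buckets"]:
            findings.append((path, f"bucket {bucket!r} not in buckets list"))
        if style == "path":
            findings.append((path, "path-style; try " + to_virtual_hosted(spec["source"])))
    return findings

# Constructed input: the relevant parts of the question's privatekey.config as dicts.
AUTH = {"S3Auth": {"type": "s3", "buckets": ["my_bucket"]}}
FILES = {"/path/to/private/key": {
    "authentication": "S3Auth",
    "source": "https://s3.eu-west-2.amazonaws.com/my_s3_bucket/my_private_key"}}

if __name__ == "__main__":
    for path, message in lint_files(AUTH, FILES):
        print(f"{path}: {message}")
```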