Elastic beanstalk實例無法訪問私有S3文件

Question

我正在嘗試使用SSL設置AWS彈性beanstalk單個實例，我想將私鑰存儲在S3中並讓實例在部署后檢索密鑰（以避免將私鑰提交給版本控制）。

根據AWS文檔： http ：//docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-storingprivatekeys.html，我已經設置了我的配置，存儲在myproject / .ebextensions / privatekey.config中：

Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["my_bucket"]
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"
files:
  # Private key
  /path/to/private/key:
    mode: "000400"
    owner: root
    group: root
    authentication: "S3Auth"
    source: https://s3.eu-west-2.amazonaws.com/my_s3_bucket/my_private_key

但是，每當我部署時，我都會收到錯誤： Command failed on instance. Return code: 1 Output: Failed to retrieve https://s3.eu-west-2.amazonaws.com/my_bucket/my_private_key: 'NoneType' object has no attribute 'is_default'. Command failed on instance. Return code: 1 Output: Failed to retrieve https://s3.eu-west-2.amazonaws.com/my_bucket/my_private_key: 'NoneType' object has no attribute 'is_default'.

我已檢查彈性beanstalk中的配置，並且項目具有aws-elasticbeanstalk-ec2-role的實例配置文件，並且此角色肯定具有適用於S3的正確策略（我甚至已將其分配給AmazonS3FullAccess，這不是必需的！）

當我使用可公開訪問的文件進行測試時，我可以使其正常工作。 但是，當文件是私有時。

Answer 1

我在eu-west-2地區的EC2實例遇到了這個問題。 我無法在其他地區復制它。

如果您遇到此問題，並且EC2實例位於eu-west-2區域，請嘗試解決此問題，只需格式化URL：

而不是： https://s3.eu-west-2.amazonaws.com/elasticbeanstalk-eu-west-2-XXXXXXXXX/yourfolderpath/server.key ： https://s3.eu-west-2.amazonaws.com/elasticbeanstalk-eu-west-2-XXXXXXXXX/yourfolderpath/server.key

嘗試： https://elasticbeanstalk-eu-west-2-XXXXXXXXX.s3-eu-west-2.amazonaws.com/yourfolderpath/server.key ： https://elasticbeanstalk-eu-west-2-XXXXXXXXX.s3-eu-west-2.amazonaws.com/yourfolderpath/server.key