在实例上设置 aws opsworks 时出现凭证错误

Question

我正在尝试在 Ubuntu EC2 实例上设置 opsworks 以监控日志。我正在向 Opsworks 注册我的实例。我得到的注册命令是（插入 x 以保护信息）

aws opsworks register --use-instance-profile --infrastructure-class ec2 --region xx-west-xx --stack-id xxxxxxx-fe9c-xxxxx-99f8-xxxxxxx --local

但是，当我运行此命令时，安装失败并出现错误

/opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:100:in `require_credentials': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)

这表明我没有设置我的 aws 凭据，但我在 ~/.aws/credentials 中设置了我的 ACCESS_KEY_ID 和 SECRET_ACCESS_KEY，我也尝试将这两个变量导出为环境变量，但我仍然收到相同的错误。知道为什么会发生这种情况吗？

这是完整的输出

[Wed, 01 Jul 2020 01:33:32 +0000] installer-wrapper: Using opsworks-instance-assets-us-west-2.s3.amazonaws.com for assets.
[Wed, 01 Jul 2020 01:33:32 +0000] installer-wrapper: Skipping installation of opsworks-agent-ruby because it's already installed
[Wed, 01 Jul 2020 01:33:32 +0000] installer-wrapper: Cleaning up
[Wed, 01 Jul 2020 01:33:32 +0000] opsworks-init: Starting the installer
/opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:100:in `require_credentials': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:90:in `sign_authenticated_requests'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:83:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/retry_errors.rb:87:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/json/handler.rb:11:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/user_agent.rb:12:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/plugins/endpoint.rb:41:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/param_validator.rb:21:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/plugins/raise_response_errors.rb:14:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/plugins/response_target.rb:21:in `call'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/request.rb:70:in `send_request'
    from /opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:136:in `register_instance'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:55:in `merge_agent_config'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:14:in `block in generate_agent_config'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:13:in `open'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/registration.rb:13:in `generate_agent_config'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/instance_agent_registration_installer.rb:29:in `block in run'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/log.rb:96:in `measure'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/instance_agent_registration_installer.rb:29:in `run'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/lib/bootstrap/instance_agent_registration_installer.rb:11:in `run'
    from /tmp/opsworks-agent-installer.31Gl4pMnG52hqBgo/opsworks-agent-installer/opsworks-agent/bin/opsworks-agent-registration-installer.rb:8:in `<main>'
[Wed, 01 Jul 2020 01:35:18 +0000] opsworks-init: Agent installation failed.
[Wed, 01 Jul 2020 01:35:18 +0000] opsworks-init: Please verify the log files found under /var/log/aws/opsworks and submit findings to AWS Support.

Answer 1

您可以查看此错误

/opt/aws/opsworks/local/lib/ruby/gems/2.2.0/gems/aws-sdk-core-2.2.26/lib/aws-sdk-core/plugins/request_signer.rb:100:in `require_credentials': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)

这表明我没有设置我的 aws 凭据，但我有 我的 ACCESS_KEY_ID 和 SECRET_ACCESS_KEY 都设置在 ~/.aws/credentials 中， 我也尝试将这两个变量导出为环境 变量，但我仍然收到相同的错误。知道为什么这可以 正在发生吗？

首先，在 AWS 中工作时不应该使用ACCESS_KEY_ID，最好使用EC2 instance role。

第二件事，这意味着上面的key没有向AWS opswork stack注册实例的权限。

您需要添加所需的权限才能在 ops 工作堆栈中添加实例。您可以使用以下权限使其工作。

{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "opsworks:RegisterInstance", 
            "opsworks:DeregisterInstance",
            "opsworks:DescribeInstances"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

registered-instance-with-opswork