【发布时间】:2016-09-04 04:14:16
【问题描述】:
这肯定是一个奇怪的问题。我有一个 aws 命令行用户,我在 AWS 账户中设置了管理员权限。当我发出 aws ec2 命令时,我为用户生成的凭据有效。但不是当我运行 aws iam 命令时。
当我运行 aws iam 命令时,这是我得到的:
[user@web1:~] #aws iam create-account-alias --account-alias=mcollective
An error occurred (InvalidClientTokenId) when calling the CreateAccountAlias operation: The security token included in the request is invalid.
但是,当我使用相同的凭据运行 aws ec2 子命令时,我获得了成功:
[root@web1:~] #aws ec2 describe-instances --profile=mcollective
RESERVATIONS 281933881942 r-0080cb499a0299557
INSTANCES 0 x86_64 146923690580740912 False xen ami-6d1c2007 i-00dcdb6cbff0d7980 t2.micro mcollective 2016-07-27T23:56:50.000Z ip-xxx-xx-xx-xx.ec2.internal xx.xx.xx.xx ec2-xx-xx-xx-xx.compute-1.amazonaws.com xx.xxx.xx.xx /dev/sda1 ebs True subnet-0e734056 hvm vpc-909103f7
BLOCKDEVICEMAPPINGS /dev/sda1
EBS 2016-07-23T01:26:42.000Z False attached vol-0eb52f6a94c5833aa
MONITORING disabled
NETWORKINTERFACES 0e:68:20:c5:fa:23 eni-f78223ec 281933881942 ip-xxx-xx-xx-xx.ec2.internal xxx.xx.xx.xx True in-use subnet-0e734056 vpc-909103f7
ASSOCIATION 281933881942 ec2-xxx-xx-xx-xx.compute-1.amazonaws.com xx.xx.xx.xx
ATTACHMENT 2016-07-23T01:26:41.000Z eni-attach-cbf11a1f True 0 attached
GROUPS sg-b1b3bdca CentOS 7 -x86_64- - with Updates HVM-1602-AutogenByAWSMP-
PRIVATEIPADDRESSES True ip-xxx-xx-xx-xxx.ec2.internal xxx.xx.xx.xx
ASSOCIATION 281933881942 ec2-xx-xx-xx-xx.compute-1.amazonaws.com xx.xx.xx.xx
PLACEMENT us-east-1a default
PRODUCTCODES aw0evgkw8e5c1q413zgy5pjce marketplace
SECURITYGROUPS sg-b1b3bdca CentOS 7 -x86_64- - with Updates HVM-1602-AutogenByAWSMP-
STATE 16 running
TAGS Name mcollective
You have mail in /var/spool/mail/root
[root@web1:~] #
那么,为什么相同的凭据对一组 aws 子命令有效,而对另一组无效呢?我真的很好奇这个!
【问题讨论】:
-
将您的用户更改为 root,然后运行此命令 aws iam create-account-alias --account-alias=mcollective 并查看它是否有效?
-
您确定为
user和root帐户配置了相同的凭据吗? -
您在 EC2 命令上传递了
--profile选项,但您不在 IAM 命令上。 -
是的!就是这样。对不起,那是漫长的一天.. 叹息!谢谢
标签: amazon-web-services aws-cli