【Question title】: AWS CLI on instance with ECR IAM Policy Set
【Posted】: 2019-02-08 04:25:36
【Question】:

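I have an IAM role that I have tested with the simulator to provide AmazonEC2ContainerRegistryReadOnly access. I have launched an EC2 instance with that role, and I can see in the EC2 console that it is attached to the instance. When I SSH into the EC2 instance and try to run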

aws ecr get-authorization-token

I get the message 'AccessKeyId'

I have tried running "aws configure" and setting the default region and output (leaving ACCESS and SECRET blank) but still get the same result...

Can anyone help?

Screenshot of 'error'

Debug -

[ec2-user@ip-10-0-101-105 ~]$ aws ecr get-authorization-token

'AccessKeyId'
[ec2-user@ip-10-0-101-105 ~]$ aws ecr get-authorization-token --debug
2017-02-01 15:03:00,704 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.11.44 Python/2.7.12 Linux/4.4.41-36.55.amzn1.x86_64 botocore/1.5.7
2017-02-01 15:03:00,704 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['ecr', 'get-authorization-token', '--debug']
2017-02-01 15:03:00,704 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_scalar_parsers at 0x7efd7abe4578>
2017-02-01 15:03:00,704 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x7efd7b516c80>
2017-02-01 15:03:00,705 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/lib/python2.7/site-packages/botocore/data/ecr/2015-09-21/service-2.json
2017-02-01 15:03:00,712 - MainThread - botocore.hooks - DEBUG - Event service-data-loaded.ecr: calling handler <function register_retries_for_service at 0x7efd7be11488>
2017-02-01 15:03:00,712 - MainThread - botocore.handlers - DEBUG - Registering retry handlers for service: ecr
2017-02-01 15:03:00,713 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ecr: calling handler <function _inject_get_login at 0x7efd7acff1b8>
2017-02-01 15:03:00,713 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ecr: calling handler <function add_waiters at 0x7efd7abe8938>
2017-02-01 15:03:00,716 - MainThread - awscli.clidriver - DEBUG - OrderedDict([(u'registry-ids', <awscli.arguments.ListArgument object at 0x7efd7a87d9d0>)])
2017-02-01 15:03:00,716 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecr.get-authorization-token: calling handler <function add_streaming_output_arg at 0x7efd7abe4b90>
2017-02-01 15:03:00,716 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecr.get-authorization-token: calling handler <function add_cli_input_json at 0x7efd7b520b90>
2017-02-01 15:03:00,717 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecr.get-authorization-token: calling handler <function unify_paging_params at 0x7efd7ac735f0>
2017-02-01 15:03:00,719 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/lib/python2.7/site-packages/botocore/data/ecr/2015-09-21/paginators-1.json
2017-02-01 15:03:00,719 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecr.get-authorization-token: calling handler <function add_generate_skeleton at 0x7efd7ac5d9b0>
2017-02-01 15:03:00,719 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ecr.get-authorization-token: calling handler <bound method CliInputJSONArgument.override_required_args of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x7efd7a87da10>>
2017-02-01 15:03:00,719 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ecr.get-authorization-token: calling handler <bound method GenerateCliSkeletonArgument.override_required_args of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x7efd7a85a750>>
2017-02-01 15:03:00,720 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecr.get-authorization-token.registry-ids: calling handler <function uri_param at 0x7efd7b53aaa0>
2017-02-01 15:03:00,720 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecr.get-authorization-token.cli-input-json: calling handler <function uri_param at 0x7efd7b53aaa0>
2017-02-01 15:03:00,720 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecr.get-authorization-token.generate-cli-skeleton: calling handler <function uri_param at 0x7efd7b53aaa0>
2017-02-01 15:03:00,721 - MainThread - botocore.hooks - DEBUG - Event calling-command.ecr.get-authorization-token: calling handler <bound method GenerateCliSkeletonArgument.generate_json_skeleton of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x7efd7a85a750>>
2017-02-01 15:03:00,721 - MainThread - botocore.hooks - DEBUG - Event calling-command.ecr.get-authorization-token: calling handler <bound method CliInputJSONArgument.add_to_call_parameters of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x7efd7a87da10>>
2017-02-01 15:03:00,721 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2017-02-01 15:03:00,721 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2017-02-01 15:03:00,721 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2017-02-01 15:03:00,721 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: config-file
2017-02-01 15:03:00,722 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: ec2-credentials-file
2017-02-01 15:03:00,722 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: boto-config
2017-02-01 15:03:00,722 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: container-role
2017-02-01 15:03:00,722 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: iam-role
2017-02-01 15:03:00,725 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2017-02-01 15:03:00,726 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 11
2017-02-01 15:03:00,727 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2017-02-01 15:03:00,728 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/jenkins-DEV HTTP/1.1" 200 255
2017-02-01 15:03:00,729 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/awscli/clidriver.py", line 197, in main
    return command_table[parsed_args.command](remaining, parsed_args)
  File "/usr/local/lib/python2.7/site-packages/awscli/clidriver.py", line 333, in __call__
    return command_table[parsed_args.operation](remaining, parsed_globals)
  File "/usr/local/lib/python2.7/site-packages/awscli/clidriver.py", line 503, in __call__
    call_parameters, parsed_globals)
  File "/usr/local/lib/python2.7/site-packages/awscli/clidriver.py", line 620, in invoke
    verify=parsed_globals.verify_ssl)
  File "/usr/local/lib/python2.7/site-packages/botocore/session.py", line 825, in create_client
    credentials = self.get_credentials()
  File "/usr/local/lib/python2.7/site-packages/botocore/session.py", line 449, in get_credentials
    'credential_provider').load_credentials()
  File "/usr/local/lib/python2.7/site-packages/botocore/credentials.py", line 1083, in load_credentials
    creds = provider.load()
  File "/usr/local/lib/python2.7/site-packages/botocore/credentials.py", line 488, in load
    metadata = fetcher.retrieve_iam_role_credentials()
  File "/usr/local/lib/python2.7/site-packages/botocore/utils.py", line 203, in retrieve_iam_role_credentials
    'access_key': data[role_name]['AccessKeyId'],
KeyError: 'AccessKeyId'
2017-02-01 15:03:00,735 - MainThread - awscli.clidriver - DEBUG - Exiting with rc 255

'AccessKeyId'

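Edit:

Found that the trust policy was set up incorrectly..

【Comments】:

  • That's a strange error. Can you try running the command with the --debug option and post the results?
  • Thanks, added to the main post.

Tags: amazon-web-services amazon-ec2 amazon-iam aws-cli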


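【Answer 1】:

Adding an answer for posterity so that others can see what to do if they run into this error. The EC2 instance profile (IAM role) needs to allow the EC2 service to assume the role, so you need a trust policy like this: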

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
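
A check for the condition the answer describes, as an added example that is not part of the original question or answer: it tests whether a role's trust policy lets the EC2 service assume the role, and classifies the metadata credential document whose missing 'AccessKeyId' key produced the KeyError in the debug output. The function names, BAD_POLICY and the sample metadata body are constructed for illustration, and the Code value in that body is an assumption about what the instance returned.

```python
import json

# Trust policy from the answer above, plus a constructed one that trusts only Lambda.
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
# Constructed sample of a metadata body that carries no keys (Code value assumed).
IMDS_ERROR = '{"Code": "AssumeRoleUnauthorizedAccess", "Message": "constructed sample"}'

EC2_PRINCIPAL = "ec2.amazonaws.com"


def _as_list(value):
    """IAM accepts either a scalar or a list for Statement, Service and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def ec2_can_assume(trust_policy):
    """True if an Allow statement lets the EC2 service call sts:AssumeRole.

    Condition blocks and explicit Deny statements are not evaluated here.
    """
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if EC2_PRINCIPAL in services and actions & {"sts:assumerole", "sts:*", "*"}:
            return True
    return False


def diagnose_imds_credentials(body):
    """Classify the JSON served at /latest/meta-data/iam/security-credentials/<role>."""
    data = json.loads(body)
    if "AccessKeyId" in data:
        return "ok"
    # Without the key, the old botocore in the traceback fails with KeyError.
    return "no credentials: %s" % data.get("Code", "unknown")
```

The trust policy to pass to ec2_can_assume can be read with `aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument`, run from a principal that has iam:GetRole.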
