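【Posted】: 2020-05-02 11:19:34
【Problem description】:
I used to deploy my Java web application to Elastic Beanstalk (EC2) as the root user without this problem. Now I deploy as an IAM service user, which is the recommended way, but I get the following error. I suspect it is caused by missing permissions (policies), but I don't know which policies I should assign to the IAM user.
Question: Could you help me find the right policies?
Commands: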
eb init --profile eb_admin
eb create --single
Output of the second command:
Printing Status:
2019-05-26 12:08:58 INFO createEnvironment is starting.
2019-05-26 12:08:59 INFO Using elasticbeanstalk-eu-central-1-726173845157 as Amazon S3 storage bucket for environment data.
2019-05-26 12:09:26 INFO Created security group named: awseb-e-ire9qdzahd-stack-AWSEBSecurityGroup-L5VUAQLDAA9F
2019-05-26 12:09:42 ERROR Stack named 'awseb-e-ire9qdzahd-stack' aborted operation. Current state: 'CREATE_FAILED' Reason: The following resource(s) failed to create: [MountTargetSecurityGroup, AWSEBEIP, sslSecurityGroupIngress, FileSystem].
2019-05-26 12:09:42 ERROR Creating security group failed Reason: The vpc ID 'vpc-7166611a' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidVpcID.NotFound; Request ID: c1d0ce4d-830d-4b0c-9f84-85d8da4f7243)
2019-05-26 12:09:42 ERROR Creating EIP: 54.93.84.166 failed. Reason: Resource creation cancelled
2019-05-26 12:09:42 ERROR Creating security group ingress named: sslSecurityGroupIngress failed Reason: Resource creation cancelled
2019-05-26 12:09:44 INFO Launched environment: stack-overflow-dev. However, there were issues during launch. See event log for details.
Important!
I use some .ebextensions scripts to initialize the environment:
- nginx
- https-instance-securitygroup
- storage-efs-createfilesystem
- storage-efs-mountfilesystem
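After looking at the logs, I also noticed that I forgot to create the VPC required for the EFS file system. Could it be that one failed script (storage-efs-createfilesystem) is the root cause of the subsequent failures?
【Discussion】:
Tags: amazon-web-services amazon-elastic-beanstalk aws-cli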
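One way to triage the event log quoted in the question, as an added example that is not part of the original post: it separates errors that carry their own reason and AWS error code from "Resource creation cancelled" follow-ons, and checks whether any error code is an authorization failure. The function names and the `AUTHZ_CODES` set are assumptions made for this sketch; the set lists common AWS authorization codes and is not exhaustive.

```python
import re

# Event lines copied from the `eb create` output quoted in the question.
EVENTS = """\
2019-05-26 12:09:26 INFO Created security group named: awseb-e-ire9qdzahd-stack-AWSEBSecurityGroup-L5VUAQLDAA9F
2019-05-26 12:09:42 ERROR Stack named 'awseb-e-ire9qdzahd-stack' aborted operation. Current state: 'CREATE_FAILED' Reason: The following resource(s) failed to create: [MountTargetSecurityGroup, AWSEBEIP, sslSecurityGroupIngress, FileSystem].
2019-05-26 12:09:42 ERROR Creating security group failed Reason: The vpc ID 'vpc-7166611a' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidVpcID.NotFound; Request ID: c1d0ce4d-830d-4b0c-9f84-85d8da4f7243)
2019-05-26 12:09:42 ERROR Creating EIP: 54.93.84.166 failed. Reason: Resource creation cancelled
2019-05-26 12:09:42 ERROR Creating security group ingress named: sslSecurityGroupIngress failed Reason: Resource creation cancelled
"""

# Assumption: common AWS authorization error codes; the list is not exhaustive.
AUTHZ_CODES = {"UnauthorizedOperation", "AccessDenied", "AccessDeniedException"}
CANCELLED = "Resource creation cancelled"  # status of resources stopped after another failure


def triage(text):
    """Split ERROR events into root causes and cancelled follow-ons."""
    result = {"failed_resources": [], "root_causes": [], "cancelled": []}
    for line in text.splitlines():
        m = re.match(r"\S+ \S+ ERROR (.+?)\.? Reason: (.+)$", line)
        if not m:
            continue  # INFO lines and anything without a stated reason
        what, reason = m.groups()
        listed = re.search(r"failed to create: \[(.+?)\]", reason)
        if listed:
            # Stack-level summary: names every resource that did not get created.
            result["failed_resources"] = listed.group(1).split(", ")
        elif reason.strip() == CANCELLED:
            result["cancelled"].append(what)
        else:
            code = re.search(r"Error Code: ([\w.]+)", reason)
            result["root_causes"].append((what, code.group(1) if code else None))
    return result


def looks_like_missing_permission(result):
    """True when any root-cause error code is an authorization failure."""
    return any(code in AUTHZ_CODES for _, code in result["root_causes"])


if __name__ == "__main__":
    r = triage(EVENTS)
    for what, code in r["root_causes"]:
        print("root cause:", what, "->", code)
    print("cancelled follow-ons:", len(r["cancelled"]))
    print("authorization failure seen:", looks_like_missing_permission(r))
```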