AWS DotNet SDK错误:无法从EC2实例元数据服务获取IAM安全凭证 [英] AWS DotNet SDK Error: Unable to get IAM security credentials from EC2 Instance Metadata Service
问题描述
我使用来自此处,以便使用c#代码从AWS SecretsManager检索秘密.
I use an example from here in order to retreive a secret from AWS SecretsManager in c# code.
我已经通过AWS CLI在本地设置了凭据,并且能够使用AWS CLI命令"aws secretsmanager list-secrets"检索秘密列表.
I have set credentials locally via AWS CLI, and I am able to retreive secret list using AWS CLI command "aws secretsmanager list-secrets".
但是c#控制台应用程序失败并出现错误:
But c# console app fails with an error:
> Unhandled exception. System.AggregateException: One or more errors occurred. (Unable to get IAM security credentials from EC2 Instance Metadata Service.)
---> Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.FetchCredentials()
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentials()
at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentialsAsync()
at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext)
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at AWSConsoleApp2.GetSecretValueFirst.GetSecret() in D:\Work\Projects\Training\AWSConsoleApp2\AWSConsoleApp2\GetSecretValueFirst.cs:line 53
at AWSConsoleApp2.Program.Main(String[] args) in D:\Work\Projects\Training\AWSConsoleApp2\AWSConsoleApp2\Program.cs:line 11
当我更改原始构造函数调用
When I change original constructor call
IAmazonSecretsManager客户端=新的AmazonSecretsManagerClient();
IAmazonSecretsManager client = new AmazonSecretsManagerClient();
添加了类型为AWSCredentials的继承参数
with adding inherited parameter of type AWSCredentials
IAmazonSecretsManager客户端=新的AmazonSecretsManagerClient(新的StoredProfileAWSCredentials());
IAmazonSecretsManager client = new AmazonSecretsManagerClient(new StoredProfileAWSCredentials());
它工作正常.
StoredProfileAWSCredentials类已过时,但可以使用它.我使用的库可以在其他计算机上正常运行,并且无法更改它们.
Class StoredProfileAWSCredentials is obsolete but it works to use it. I use libraries that work without errors on the other machines and I cannot change them.
我为属于Administrators组的用户使用凭据,并且具有对SecretsMnager的完全访问权限.在c#代码中正确设置了地区,默认是配置文件.
I use credentials for user that belongs to Administrators group and has full access to SecretsMnager. Region has set properly in c# code, profile is default.
有什么想法吗?感谢您的进步
Any ideas? Thanks for advance
推荐答案
我遇到了同样的问题,这是我如何在开发环境中修复它
I had the same issue, here is how I fixed it on my development environment
- 我使用适用于Visual Studio的AWS扩展创建了一个AWS配置文件
- 设置个人资料后,凭据将通过该个人资料传递,并且对我来说效果很好
这里需要注意的是,访问密钥管理器的用户个人资料应为秘密"管理器分配一个有效的安全组.
Point to note here, the user profile accessing the key manager should have a valid security group assigned for the Secrets manager.
尝试一下,让我知道,进展如何.
Try it out let me know, how it went.
这篇关于AWS DotNet SDK错误:无法从EC2实例元数据服务获取IAM安全凭证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
