带有Docker容器的AWS Cloudwatch日志-NoCredentialProviders:链中没有有效的提供商 [英] AWS Cloudwatch logs with Docker Container - NoCredentialProviders: no valid providers in chain
问题描述
我的docker-compose文件:
版本:'2'
服务:
scraper:
构建:./Scraper/
日志记录:
驱动程序: awslogs
选项:
awslogs-region: eu-west-1
awslogs-group:医生日志
awslogs-stream: scrapers-stream
量:
-./Scraper/spiders:/spiders
我已使用aws configure命令将AWS凭证添加到我的mac,并且凭证已正确存储在〜/ .aws / credentials
当我运行docker-compose up时,出现以下错误:
错误: scraper无法启动服务scraper:无法初始化日志记录驱动程序:NoCredentialProviders:链中没有有效的提供程序。
已弃用。
有关详细消息传递,请参阅aws.Config.CredentialsChainVerboseErrors
错误:启动项目时遇到错误。
我相信这是因为我需要在Docker Daemon中设置AWS凭证,但是我无法弄清楚在macOs Sierra上如何完成此操作。
我知道了。滚动自己的EC2实例时(不使用Beanstalk这样的自动化解决方案),您需要为EC2实例分配一个角色,以便它能够与其他AWS服务进行通信。
该策略是Docker文档在
该角色是第一个名为 Amazon EC2,其内容为允许EC2实例代表您调用AWS服务。
由于您仅限制对CloudWatch的访问,因此您可以走。然后,在您的EC2列表中,使用附加/替换IAM角色将该角色附加到您的实例:
您应该很好!
My docker-compose file:
version: '2'
services:
scraper:
build: ./Scraper/
logging:
driver: "awslogs"
options:
awslogs-region: "eu-west-1"
awslogs-group: "doctors-logs"
awslogs-stream: "scrapers-stream"
volumes:
- ./Scraper/spiders:/spiders
I have added my AWS credentials to my mac using the aws configure command and the credentials are stored correctly in ~/.aws/credentials
When I run docker-compose up I get the following error:
ERROR: for scraper Cannot start service scraper: Failed to initialize logging driver: NoCredentialProviders: no valid providers in chain.
Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors
ERROR: Encountered errors while bringing up the project.
I believe this is because I need to set the AWS credentials in the Docker Daemon but I cannot work out how this is done on macOs Sierra.
I figured out. When rolling your own EC2 instance (without using automated solutions like Beanstalk), you need to assign a role to your EC2 instance so it will be able to communicate with other AWS services.
The policy is the one that Docker docs provide in https://docs.docker.com/engine/admin/logging/awslogs/
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
then you need to attach this policy to a role
the role is the first one called "Amazon EC2" that reads "Allows EC2 instances to call AWS services on your behalf."
Since you are limiting your access only to CloudWatch, you're good to go. Then, in your EC2 listing, attach the role to your instance using "Attach/Replace IAM Role":
You should be good to go!
这篇关于带有Docker容器的AWS Cloudwatch日志-NoCredentialProviders:链中没有有效的提供商的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
