为什么AWS.EC2MetadataCredentials赋予错误的角色? [英] Why AWS.EC2MetadataCredentials giving wrong role?
问题描述
我们已使用ECS在AWS EC2容器上部署了节点服务(V8.15.1).我们在环境中具有AWS_ACCESS_KEY设置,并且角色已映射到EC2实例.我应该使用EC2实例角色来访问AWS SSM.所以,我在下面尝试过:
We have node service(V8.15.1) deployed on AWS EC2 containers using ECS.We have AWS_ACCESS_KEY setup in environment as well as a role is mapped to EC2 instances. I am supposed to use EC2 instance role to access AWS SSM. So, i tried below:
AWS.config.credentials = new AWS.EC2MetadataCredentials();
,并尝试从SSM读取参数. 我得到以下错误:
and tried to read parameter from SSM. i get below error:
{
"msg": "User: arn:aws:sts::AccountID:assumed-role/role-name/i-*****92a is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:resource_id:parameter/parame_id"
}
请注意,我认为i-***** 92a(角色名称中的实例ID)不允许我访问SSM参数,因为实际的角色名称中没有instanceid.
Please note, i-*****92a(instance id in role name) which i think doesn't let me access SSM parameter because actual role name is without instanceid in it.
预期:它应该是没有附加instanceid的实际角色名称.
Expected: It should have resulted into actual role name without instanceid appended.
推荐答案
我们认为,这是正常现象.问题在于参数nme设置之一在SSM中是错误的,因此该角色无法读取该信息.
We figured, it is a normal behaviour. The issue was that one of the parameter nme set was wrong in SSM and hence this role was not able read that.
这篇关于为什么AWS.EC2MetadataCredentials赋予错误的角色?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!