为什么AWS.EC2MetadataCredentials赋予错误的角色? [英] Why AWS.EC2MetadataCredentials giving wrong role?

问题描述

我们已使用ECS在AWS EC2容器上部署了节点服务(V8.15.1).我们在环境中具有AWS_ACCESS_KEY设置，并且角色已映射到EC2实例.我应该使用EC2实例角色来访问AWS SSM.所以，我在下面尝试过:

We have node service(V8.15.1) deployed on AWS EC2 containers using ECS.We have AWS_ACCESS_KEY setup in environment as well as a role is mapped to EC2 instances. I am supposed to use EC2 instance role to access AWS SSM. So, i tried below:

AWS.config.credentials = new AWS.EC2MetadataCredentials();

，并尝试从SSM读取参数. 我得到以下错误:

and tried to read parameter from SSM. i get below error:

{
    "msg": "User: arn:aws:sts::AccountID:assumed-role/role-name/i-*****92a is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:resource_id:parameter/parame_id"
}

请注意，我认为i-***** 92a(角色名称中的实例ID)不允许我访问SSM参数，因为实际的角色名称中没有instanceid.

Please note, i-*****92a(instance id in role name) which i think doesn't let me access SSM parameter because actual role name is without instanceid in it.

预期:它应该是没有附加instanceid的实际角色名称.

Expected: It should have resulted into actual role name without instanceid appended.

推荐答案

我们认为，这是正常现象.问题在于参数nme设置之一在SSM中是错误的，因此该角色无法读取该信息.

We figured, it is a normal behaviour. The issue was that one of the parameter nme set was wrong in SSM and hence this role was not able read that.

这篇关于为什么AWS.EC2MetadataCredentials赋予错误的角色?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！