Permissions for creating and attaching EBS Volume to an EC2Resource in AWS Data Pipeline


Problem description

I need more local disk than available to EC2Resources in an AWS Data Pipeline. The simplest solution seems to be to create and attach an EBS volume.

I have added EC2:CreateVolume and EC2:AttachVolume policies to both DataPipelineDefaultRole and DataPipelineDefaultResourceRole.

I have also tried setting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for an IAM role with the same permissions in the shell, but alas no luck.

Is there some other permission needed, is it not using the roles it says it uses or is this not possible at all?

The Data Pipeline ShellCommandActivity has a script URI pointing to a shell script that executes this command: aws ec2 create-volume --availability-zone eu-west-1b --size 100 --volume-type gp2 --region eu-west-1 --tag-specifications 'ResourceType=volume,Tags=[{Key=purpose,Value=unzip_file}]'

The error I get is: An error occurred (UnauthorizedOperation) when calling the CreateVolume operation: You are not authorized to perform this operation.

Recommended answer

I had completely ignored the encrypted authorization message, thinking it was just some internal AWS thing. Your comment made me take a second look, kdgregory. Turns out the reference to the CreateVolume was somewhat of a red herring.

Decrypting the message, I see that it fails with "action":"ec2:CreateTags" meaning it lacks the permission to create tags. I added this permission and it works now.
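
The decoding step described in this answer can be scripted; the following is an added example, not part of the original post. The sample error blob, account ID and instance ID are constructed placeholders and the helper names are hypothetical; `decode_with_sts` uses boto3's STS `decode_authorization_message` call, which requires the `sts:DecodeAuthorizationMessage` permission.

```python
import json
import re

# EC2 appends this marker and an opaque blob to UnauthorizedOperation errors.
_MARKER = re.compile(r"Encoded authorization failure message:\s*([A-Za-z0-9_\-+/=]+)")

# Constructed sample data: the blob, account id and instance id are placeholders.
SAMPLE_ERROR = (
    "An error occurred (UnauthorizedOperation) when calling the CreateVolume "
    "operation: You are not authorized to perform this operation. "
    "Encoded authorization failure message: CONSTRUCTED-BLOB_0123"
)
SAMPLE_DECODED = json.dumps({
    "allowed": False,
    "explicitDeny": False,
    "context": {
        "principal": {"arn": "arn:aws:sts::123456789012:assumed-role/"
                             "DataPipelineDefaultResourceRole/i-0123456789abcdef0"},
        "action": "ec2:CreateTags",
        "resource": "arn:aws:ec2:eu-west-1:123456789012:volume/*",
    },
})

def extract_encoded_message(error_text):
    """Return the encoded blob from an UnauthorizedOperation error, or None."""
    match = _MARKER.search(error_text)
    return match.group(1) if match else None

def decode_with_sts(encoded):
    """Decode via STS; the caller needs sts:DecodeAuthorizationMessage."""
    import boto3  # lazy import: the parsing helpers below work without boto3
    resp = boto3.client("sts").decode_authorization_message(EncodedMessage=encoded)
    return resp["DecodedMessage"]

def summarize_denial(decoded_message, called_operation):
    """Report the denied action and whether it differs from the API call made."""
    doc = json.loads(decoded_message)
    ctx = doc.get("context", {})
    denied = ctx.get("action") or ""
    return {
        "denied_action": denied,
        "resource": ctx.get("resource"),
        "principal": ctx.get("principal", {}).get("arn"),
        "explicit_deny": bool(doc.get("explicitDeny")),
        # True when the failing permission is not the operation named in the error
        "differs_from_call": denied.lower() != f"ec2:{called_operation}".lower(),
    }
```

With live credentials, pass the output of `extract_encoded_message` to `decode_with_sts` and the result to `summarize_denial`; the `principal` field also shows which role the activity actually ran as.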
