EB Worker cron.yaml - 无权执行:dynamodb:UpdateItem [英] EB Worker cron.yaml - is not authorized to perform: dynamodb:UpdateItem
本文介绍了EB Worker cron.yaml - 无权执行:dynamodb:UpdateItem的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我一直在尝试在我的EB工作人员上实施cron工作。
我的EB CLI在部署上说ERROR:更新环境操作完成,错误。
我的yaml似乎解析正常,在我的EB事件列表中,我看到成功从cron.yaml加载1个计划任务行
version:1
cron:
- name:cron
url:/ cron
schedule:* * * * *
我查看eb-活动。日志并且有这个问题:
活动执行失败,因为:User:arn:aws:sts :: 550612933446:角色/ WorkerTierRole_KK / i-5fe79aa0没有授权执行:dynamodb:updateItem on resource:arn:aws:dynamodb:us-east-1:550612933446:table / awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1GVA6A4AV0YDW - :DynamoDB :: Errors :: AccessDeniedException)(ElasticBeanstalk :: ExternalInvocationError)
造成的:User:arn:aws:sts :: 550612933446:assume-role / WorkerTierRole_KK / i-5fe79aa0无权执行:dynamodb:在资源上的UpdateItem:arn:aws:dynamodb:us-east-1:550612933446:table / awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1GVA6A4AV0YDW - (Aws :: DynamoDB :: Errors :: AccessDeniedException)(Executor :: NonZeroExitStatus)
这也是我在日志中找到的:
2015-06-04T02:17:19Z schedule-parser:从文件/opt/python/current/app/cron.yaml成功加载了1个计划任务。
2015-06-04T02:17:19Z init:User:arn:aws:sts :: 550612933446:假设角色/ WorkerTierRole_KK / i-254d00f5没有授权执行:dynamodb:UpdateItem on resource:arn:aws :dynamodb:us-east-1:550612933446:table / awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1KMJ9BLOVIUSJ(Aws :: DynamoDB :: Errors :: AccessDeniedException)
at / opt / elasticbeanstalk / lib / ruby / lib / ruby / gems / 2.1.0 / gems / aws-sdk-core-2.0.10 / lib / seahorse / client / plugins / raise_response_errors.rb:15:in`call'
从/ opt / elasticbeanstalk / lib / ruby / lib / ruby / gems / 2.1.0 / gems / aws-sdk-core-2.0.10 / lib / aws-sdk-core / plugins / dynamodb_simple_attributes.rb:112:in`call'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/plugins/param_conversion.rb:22:in'call'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/aws-sdk-core/plugins/response_paging.rb: 10:在`call'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/request。 rb:70:in`send_request'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/ base.rb:215:在define_operation_methods的块(2级)
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/ AWSMACLE / lib / leader_election / storage_manager.rb:81:in'update_registration'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/ AWSMACLE / lib / leader_election / storage_manager.rb:19:在`verify_table'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/ AWSMACLE / lib / leader_election / daemon.rb:37:in'initialize'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/ AWSMACLE / lib / leader_election.rb:8:在`new'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/ lib / leader_election.rb:8:在`create'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/ cron.rb:241:在`leader_election_daemon'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/cron。 rb:30:in'initialize'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/daemon.rb: 44:在`new'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/daemon.rb:44:在`initialize'中
来自/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:34:in`new'
从/opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:34:in`start'
从/ opt /
从/ opt / elasticbeanstalk / lib / ruby / bin / aws-sqsd:83:in'launch'
从/ opt / elasticbeanstalk / lib / ruby / lib / ruby / gems / 2.1.0 / gems / aws-sqsd-2.0 / bin / aws-sqsd:111:in`< top(必需)>'
从/ opt / elasticbeanstalk / / bin / aws-sqsd:23:in`load'
从/ opt / elasticbeanstalk / lib / ruby / bin / aws-sqsd:23:in`< main>'
我尝试重建我的环境,但没有任何区别。
似乎这个错误是我的手(希望不是这样,我做了一个简单的错误),是一个EB问题,如何处理cron工作。我没有任何dynamodb的:)
非常感谢任何帮助,
Phil解决方案cron工作者在后台使用一个小型发电机数据库表,以确保自动扩展组中只有一个实例执行cron任务。因此,您需要更新角色策略以包括相关的dynamo db权限。
I have been trying to implement a cron job on my EB worker.
My EB CLI on a deploy says "ERROR: Update environment operation is complete, but with errors."
My yaml seems to parse just fine and in my EB events list I see the line "Successfully loaded 1 scheduled tasks from cron.yaml."
version: 1 cron: - name: "cron" url: "/cron" schedule: "* * * * *"I look in the eb-activity.log and there is this issue:
Activity execution failed, because: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-5fe79aa0 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1GVA6A4AV0YDW - (Aws::DynamoDB::Errors::AccessDeniedException) (ElasticBeanstalk::ExternalInvocationError) caused by: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-5fe79aa0 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1GVA6A4AV0YDW - (Aws::DynamoDB::Errors::AccessDeniedException) (Executor::NonZeroExitStatus)This is what I also found in the log:
2015-06-04T02:17:19Z schedule-parser: Successfully loaded 1 scheduled tasks from file /opt/python/current/app/cron.yaml . 2015-06-04T02:17:19Z init: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-254d00f5 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1KMJ9BLOVIUSJ (Aws::DynamoDB::Errors::AccessDeniedException) at /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/aws-sdk-core/plugins/dynamodb_simple_attributes.rb:112:in `call' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/plugins/param_conversion.rb:22:in `call' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/aws-sdk-core/plugins/response_paging.rb:10:in `call' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/request.rb:70:in `send_request' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/base.rb:215:in `block (2 levels) in define_operation_methods' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/storage_manager.rb:81:in `update_registration' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/storage_manager.rb:19:in `verify_table' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/daemon.rb:37:in `initialize' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election.rb:8:in `new' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election.rb:8:in `create' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/cron.rb:241:in `leader_election_daemon' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/cron.rb:30:in `initialize' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/daemon.rb:44:in `new' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/daemon.rb:44:in `initialize' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:34:in `new' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:34:in `start' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:83:in `launch' from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:111:in `<top (required)>' from /opt/elasticbeanstalk/lib/ruby/bin/aws-sqsd:23:in `load' from /opt/elasticbeanstalk/lib/ruby/bin/aws-sqsd:23:in `<main>'I have tried rebuilding my environment but that didn't make any difference.
It seems like this error is out of my hands (hope that is not the case and I have made a simple mistake) and is an EB issue with how it handles cron jobs. I don't have any dynamodb's :)
Many thanks for any help, Phil
解决方案The cron worker uses a small dynamo db table behind the scenes to ensure only one instance in your auto scaling group executes the cron task. Hence you need to update your role policy to include relevant dynamo db permissions.
这篇关于EB Worker cron.yaml - 无权执行:dynamodb:UpdateItem的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
