我按照亚马逊指南安装了ec2 api。我将访问ID和密码设置为环境变量。
这是我的个人资料:
导出AWS_ACCESS_KEY = XXXXX
导出AWS_SECRET_KEY = XXXXXX
export JAVA_HOME = / usr / lib / jvm / java-7-openjdk-amd64 / jre
export EC2_HOME = / usr / local / ec2 / ec2-api-tools-1.7.1.0
export PATH = $ PATH:$ EC2_HOME / bin
Everythings看起来像按要求配置,但我无法连接到aws。
这里以详细模式命令ec2-describe-regions的输出:
Client.AuthFailure: AWS was not able to validate the provided access credentials
ubuntu@ip:~$ ec2dre -v
Setting User-Agent to [ec2-api-tools 1.7.1.0]
2014-07-14 19:10:34,898 [main] DEBUG org.apache.http.wire - >> "POST / HTTP/1.1[\r][\n]"
2014-07-14 19:10:34,912 [main] DEBUG org.apache.http.wire - >> "Host: ec2.amazonaws.com[\r][\n]"
2014-07-14 19:10:34,912 [main] DEBUG org.apache.http.wire - >> "X-Amz-Date: 20140714T191033Z[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire - >> "Authorization: AWS4-HMAC-SHA256 Credential=AKIAIT64V5MH2HHF5QZQ/20140714/us-east-1/ec2/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=06920c7d37a24d8244feb630d87310238886294d3ae2ab40f68a362a799d9a62[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire - >> "User-Agent: ec2-api-tools 1.7.1.0, aws-sdk-java/unknown-version Linux/3.2.0-36-virtual OpenJDK_64-Bit_Server_VM/24.51-b03[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire - >> "Content-Type: application/x-www-form-urlencoded; charset=utf-8[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire - >> "Content-Length: 41[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire - >> "[\r][\n]"
2014-07-14 19:10:34,914 [main] DEBUG org.apache.http.wire - >> "Action=DescribeRegions&Version=2014-06-15"
2014-07-14 19:10:34,984 [main] DEBUG org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]"
2014-07-14 19:10:35,002 [main] DEBUG org.apache.http.wire - << "Transfer-Encoding: chunked[\r][\n]"
2014-07-14 19:10:35,003 [main] DEBUG org.apache.http.wire - << "Date: Mon, 14 Jul 2014 19:18:34 GMT[\r][\n]"
2014-07-14 19:10:35,003 [main] DEBUG org.apache.http.wire - << "Server: AmazonEC2[\r][\n]"
2014-07-14 19:10:35,010 [main] DEBUG org.apache.http.wire - << "[\r][\n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire - << "fe[\r][\n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire - << "<?xml version="1.0" encoding="UTF-8"?>[\n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire - << "<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>cd2b128b-3d70-425b-a8a7-4856fd9a6b99</RequestID></Response>"
2014-07-14 19:10:35,278 [main] DEBUG org.apache.http.wire - << "[\r][\n]"
2014-07-14 19:10:35,279 [main] DEBUG org.apache.http.wire - << "0[\r][\n]"
2014-07-14 19:10:35,279 [main] DEBUG org.apache.http.wire - << "[\r][\n]"
Client.AuthFailure: AWS was not able to validate the provided access credentials
Request ID: cd2b128b-3d70-425b-a8a7-4856fd9a6b99
答案 0 :(得分:85)
检查服务器时钟是否已同步。
如果时钟延迟,可能会导致此错误:
AWS was not able to validate the provided access credentials
答案 1 :(得分:19)
当我的系统时钟设置错误时,我遇到了这个问题。
在我的情况下,时钟提前了两个小时。
同样重要的是将命令放在.bashrc或类似文件(.bash_aliases)中:
export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXX"
export AWS_SECRET_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
运行source ~/.bashrc
这一点的重要性在于,当运行ec2命令时,会创建新的shell实例,否则不会获取环境变量。
答案 2 :(得分:7)
运行aws s3 ls以确认错误是否与时间同步有关。你应该得到如下错误:
调用ListBuckets操作时发生错误(RequestTimeTooSkewed):请求时间和当前时间之间的差异太大。
如果有,请尝试按建议同步日期时间。
Linux上的示例shell命令:
# Install the ntpdate client for setting system time from NTP servers.
sudo apt-get --yes install ntpdate
sudo ntpdate 0.amazon.pool.ntp.org
然后再次重新尝试aws命令。
如果时区仍然不正确,请运行:sudo dpkg-reconfigure tzdata进行配置,或者执行以下操作:
timedatectl list-timezones
timedatectl set-timezone 'Europe/London'
答案 3 :(得分:4)
AWS CLI对我来说运行正常,但突然间它开始失败并出现以下错误
A client error (AuthFailure) occurred when calling the DescribeTags operation: AWS was not able to validate the provided access credentials
尝试使用一组新的凭据,但这并没有帮助。
只有在EC2实例上执行停止启动后才能工作(重启可能也有效)。因此,似乎是执行aws cli的特定EC2实例的问题。
答案 4 :(得分:2)
我有一个类似的问题。我的本地服务器上的时钟关闭。我通过以下命令对其进行了纠正。
须藤日期-s“ $(wget -qSO- --max-redirect = 0 google.com 2>&1 | grep日期:| cut -d''-f5-8)Z”
然后,aws工作了。
答案 5 :(得分:1)
这也可能是由于问题所致,具体取决于您尝试到达的区域。我有一个脚本试图在所有地区都扮演角色,并一直在香港(ap-east-1)获得成功。您必须首先启用此区域才能访问它。如果您未启用以下区域,则会出现此错误:
ap-east-1
cn-north-1
cn-northwest-1
us-gov-east-1
us-gov-west-1
奇怪的是,ap-northeast-3也给出了一个错误,但错误是OptInRequired。
答案 6 :(得分:0)
对于CentOS
# install ntpdate
sudo yum install ntpdate
# install policy kit
sudo yum install polkit
# start ntpd service
sudo systemctl start ntpd.service
sudo ntpdate 0.amazon.pool.ntp.org
您也可以再次重新配置AWS凭证
aws configure