我在1.10.65中遇到一个奇怪的问题,其中相同的凭据在一台机器上工作但在另一台机器上不工作。这令人困惑。两台服务器都使用相同版本的cli。问题服务器运行CentOS 7.2,cli工作的是CentOS 7.1。我不认为这应该是差异。我使用aws configure --profile = foo命令以相同的方式添加了凭据。
为了演示此问题,这是我在问题服务器上遇到的错误:
[user@salt:~] #aws ec2 describe-regions --profile=jf-ops
An error occurred (AuthFailure) when calling the DescribeRegions operation: AWS was not able to validate the provided access credentials
在工作服务器上,我得到正确的回复。
[user@ops1:~] #aws ec2 describe-regions --profile=jf-ops
REGIONS ec2.ap-south-1.amazonaws.com ap-south-1
REGIONS ec2.eu-west-1.amazonaws.com eu-west-1
REGIONS ec2.ap-southeast-1.amazonaws.com ap-southeast-1
REGIONS ec2.ap-southeast-2.amazonaws.com ap-southeast-2
REGIONS ec2.eu-central-1.amazonaws.com eu-central-1
REGIONS ec2.ap-northeast-2.amazonaws.com ap-northeast-2
REGIONS ec2.ap-northeast-1.amazonaws.com ap-northeast-1
REGIONS ec2.us-east-1.amazonaws.com us-east-1
REGIONS ec2.sa-east-1.amazonaws.com sa-east-1
REGIONS ec2.us-west-1.amazonaws.com us-west-1
REGIONS ec2.us-west-2.amazonaws.com us-west-2
正如我所提到的,我以同样的方式将凭据添加到工作和非工作服务器。通过configure子命令:
[user@salt:~] #aws configure --profile=jf-ops
AWS Access Key ID [*********************]: XXXXXXXXXXXXXXXXXXXXX
AWS Secret Access Key [********************]: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Default region name [us-east-1]:
Default output format [text]:
有一次,我甚至将aws凭证和配置文件从工作服务器复制到非工作服务器。错误仍然存在。 :(
下面,请查看命令的调试输出,因为它是从cli无法正常工作的主机运行的:
[user@salt:~] #aws ec2 describe-regions --profile=jf-ops --debug
2016-09-18 10:20:09,987 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.10.65 Python/2.7.5 Linux/3.10.0-327.10.1.el7.x86_64 botocore/1.4.55
2016-09-18 10:20:09,987 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['ec2', 'describe-regions', '--profile=jf-ops', '--debug']
2016-09-18 10:20:09,987 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_scalar_parsers at 0x1a271b8>
2016-09-18 10:20:09,987 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x17566e0>
2016-09-18 10:20:09,991 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/lib/python2.7/site-packages/botocore/data/ec2/2016-04-01/service-2.json
2016-09-18 10:20:10,077 - MainThread - botocore.hooks - DEBUG - Event service-data-loaded.ec2: calling handler <function register_retries_for_service at 0x12cd488>
2016-09-18 10:20:10,077 - MainThread - botocore.handlers - DEBUG - Registering retry handlers for service: ec2
2016-09-18 10:20:10,084 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ec2: calling handler <functools.partial object at 0x1a2f9f0>
2016-09-18 10:20:10,084 - MainThread - awscli.customizations.removals - DEBUG - Removing operation: import-instance
2016-09-18 10:20:10,085 - MainThread - awscli.customizations.removals - DEBUG - Removing operation: import-volume
2016-09-18 10:20:10,085 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ec2: calling handler <function add_waiters at 0x1a31398>
2016-09-18 10:20:10,086 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/lib/python2.7/site-packages/botocore/data/ec2/2016-04-01/waiters-2.json
2016-09-18 10:20:10,089 - MainThread - awscli.clidriver - DEBUG - OrderedDict([(u'dry-run', <awscli.arguments.BooleanArgument object at 0x26bf050>), (u'no-dry-run', <awscli.arguments.BooleanArgument object at 0x26bf090>), (u'region-names', <awscli.arguments.ListArgument object at 0x26bf0d0>), (u'filters', <awscli.arguments.ListArgument object at 0x26bf110>)])
2016-09-18 10:20:10,089 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ec2.describe-regions: calling handler <function add_streaming_output_arg at 0x1a276e0>
2016-09-18 10:20:10,090 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ec2.describe-regions: calling handler <function _rename_arg at 0x1a68848>
2016-09-18 10:20:10,090 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ec2.describe-regions: calling handler <function _rename_arg at 0x1a68938>
2016-09-18 10:20:10,090 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ec2.describe-regions: calling handler <functools.partial object at 0x1a2faa0>
2016-09-18 10:20:10,090 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ec2.describe-regions: calling handler <function add_cli_input_json at 0x175f500>
2016-09-18 10:20:10,090 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ec2.describe-regions: calling handler <function unify_paging_params at 0x1940848>
2016-09-18 10:20:10,092 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/lib/python2.7/site-packages/botocore/data/ec2/2016-04-01/paginators-1.json
2016-09-18 10:20:10,092 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ec2.describe-regions: calling handler <function add_generate_skeleton at 0x192cd70>
2016-09-18 10:20:10,092 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ec2.describe-regions: calling handler <bound method CliInputJSONArgument.override_required_args of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x257fc50>>
2016-09-18 10:20:10,092 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ec2.describe-regions: calling handler <bound method GenerateCliSkeletonArgument.override_required_args of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x26bf2d0>>
2016-09-18 10:20:10,093 - MainThread - botocore.hooks - DEBUG - Event operation-args-parsed.ec2.describe-regions: calling handler <functools.partial object at 0x161f470>
2016-09-18 10:20:10,093 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ec2.describe-regions.dry-run: calling handler <function uri_param at 0x156ede8>
2016-09-18 10:20:10,093 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ec2.describe-regions.region-names: calling handler <function uri_param at 0x156ede8>
2016-09-18 10:20:10,094 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ec2.describe-regions.filters: calling handler <function uri_param at 0x156ede8>
2016-09-18 10:20:10,094 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ec2.describe-regions.cli-input-json: calling handler <function uri_param at 0x156ede8>
2016-09-18 10:20:10,094 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ec2.describe-regions.generate-cli-skeleton: calling handler <function uri_param at 0x156ede8>
2016-09-18 10:20:10,094 - MainThread - botocore.hooks - DEBUG - Event calling-command.ec2.describe-regions: calling handler <bound method GenerateCliSkeletonArgument.generate_json_skeleton of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x26bf2d0>>
2016-09-18 10:20:10,094 - MainThread - botocore.hooks - DEBUG - Event calling-command.ec2.describe-regions: calling handler <bound method CliInputJSONArgument.add_to_call_parameters of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x257fc50>>
2016-09-18 10:20:10,094 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2016-09-18 10:20:10,094 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2016-09-18 10:20:10,094 - MainThread - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials
2016-09-18 10:20:10,095 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/lib/python2.7/site-packages/botocore/data/endpoints.json
2016-09-18 10:20:10,105 - MainThread - botocore.client - DEBUG - Registering retry handlers for service: ec2
2016-09-18 10:20:10,114 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.ec2: calling handler <function add_generate_presigned_url at 0x12a3938>
2016-09-18 10:20:10,114 - MainThread - botocore.args - DEBUG - The s3 config key is not a dictionary type, ignoring its value of: None
2016-09-18 10:20:10,117 - MainThread - botocore.endpoint - DEBUG - Setting ec2 timeout as (60, 60)
2016-09-18 10:20:10,117 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.ec2.DescribeRegions: calling handler <bound method ParameterAlias.alias_parameter_in_call of <botocore.handlers.ParameterAlias object at 0x12c4e10>>
2016-09-18 10:20:10,118 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=DescribeRegions) (verify_ssl=True) with params: {'body': {'Action': u'DescribeRegions', 'Version': u'2016-04-01'}, 'url': u'https://ec2.us-east-1.amazonaws.com/', 'headers': {'User-Agent': 'aws-cli/1.10.65 Python/2.7.5 Linux/3.10.0-327.10.1.el7.x86_64 botocore/1.4.55'}, 'context': {'client_region': 'us-east-1', 'has_streaming_input': False, 'client_config': <botocore.config.Config object at 0x287df90>}, 'query_string': '', 'url_path': '/', 'method': u'POST'}
2016-09-18 10:20:10,118 - MainThread - botocore.hooks - DEBUG - Event request-created.ec2.DescribeRegions: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x287df10>>
2016-09-18 10:20:10,119 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2016-09-18 10:20:10,119 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
POST
/
host:ec2.us-east-1.amazonaws.com
x-amz-date:20160918T142010Z
host;x-amz-date
426f0ef3e72959b3ca7e2830512478e82ee3489bfbbdcca9a97f6937a2b9faee
2016-09-18 10:20:10,119 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20160918T142010Z
20160918/us-east-1/ec2/aws4_request
9de0742ab4b7bdcfea61335d7abc68f7dc03c2a1151a04f00e0d5cf1b4be21bb
2016-09-18 10:20:10,119 - MainThread - botocore.auth - DEBUG - Signature:
c2ee6219a5f56572726c5c3bacebd33879b0c49410e27b2cffb278339ca2319d
2016-09-18 10:20:10,124 - MainThread - botocore.endpoint - DEBUG - Sending http request: <PreparedRequest [POST]>
2016-09-18 10:20:10,125 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTPS connection (1): ec2.us-east-1.amazonaws.com
2016-09-18 10:20:10,150 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "POST / HTTP/1.1" 401 None
2016-09-18 10:20:10,151 - MainThread - botocore.parsers - DEBUG - Response headers: {'transfer-encoding': 'chunked', 'date': 'Sun, 18 Sep 2016 14:27:31 GMT', 'server': 'AmazonEC2'}
2016-09-18 10:20:10,151 - MainThread - botocore.parsers - DEBUG - Response body:
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>3bc05209-a868-4bd3-89cf-75cee9a1c43b</RequestID></Response>
2016-09-18 10:20:10,151 - MainThread - botocore.hooks - DEBUG - Event needs-retry.ec2.DescribeRegions: calling handler <botocore.retryhandler.RetryHandler object at 0x257fbd0>
2016-09-18 10:20:10,151 - MainThread - botocore.retryhandler - DEBUG - No retry needed.
2016-09-18 10:20:10,151 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/awscli/clidriver.py", line 186, in main
return command_table[parsed_args.command](remaining, parsed_args)
File "/usr/lib/python2.7/site-packages/awscli/clidriver.py", line 381, in __call__
return command_table[parsed_args.operation](remaining, parsed_globals)
File "/usr/lib/python2.7/site-packages/awscli/clidriver.py", line 551, in __call__
call_parameters, parsed_globals)
File "/usr/lib/python2.7/site-packages/awscli/clidriver.py", line 675, in invoke
**parameters)
File "/usr/lib/python2.7/site-packages/botocore/client.py", line 159, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/lib/python2.7/site-packages/botocore/client.py", line 494, in _make_api_call
raise ClientError(parsed_response, operation_name)
ClientError: An error occurred (AuthFailure) when calling the DescribeRegions operation: AWS was not able to validate the provided access credentials
2016-09-18 10:20:10,152 - MainThread - awscli.clidriver - DEBUG - Exiting with rc 255
An error occurred (AuthFailure) when calling the DescribeRegions operation: AWS was not able to validate the provided access credentials
我很感激一些建议让这个工作!