InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials

Time: 2017-02-02 08:30:08

Tags: amazon-web-services github amazon-ec2 amazon-iam aws-code-deploy

I am trying to deploy a GitHub project to an EC2 instance using AWS CodeDeploy. After following 2 video tutorials, I still get the following error:

2017-02-01 12:20:08 INFO  [codedeploy-agent(1379)]: master 1379: Spawned child 1/1
2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: On Premises config file does not exist or not readable
2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandExecutor: Archives to retain is: 5}
2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: Version file found in /opt/codedeploy-agent/.version.
2017-02-01 12:20:09 ERROR [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile

I have two IAM roles:

  • CodeDeployInstanceRole
  • CodeDeployServiceRole

CodeDeployInstanceRole for the EC2 instance

Policy name: AmazonEC2RoleforAWSCodeDeploy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:ListObjects"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Policy name: AutoScalingNotificationAccessRole

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Resource": "*",
        "Action": [
            "sqs:SendMessage",
            "sqs:GetQueueUrl",
            "sns:Publish"
        ]
      }
    ]
}

Trust relationship

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

CodeDeployServiceRole for CodeDeploy

Policy name: AWSCodeDeployRole

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:CompleteLifecycleAction",
        "autoscaling:DeleteLifecycleHook",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:PutLifecycleHook",
        "autoscaling:RecordLifecycleActionHeartbeat",
        "autoscaling:CreateAutoScalingGroup",
        "autoscaling:UpdateAutoScalingGroup",
        "autoscaling:EnableMetricsCollection",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribePolicies",
        "autoscaling:DescribeScheduledActions",
        "autoscaling:DescribeNotificationConfigurations",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:SuspendProcesses",
        "autoscaling:ResumeProcesses",
        "autoscaling:AttachLoadBalancers",
        "autoscaling:PutScalingPolicy",
        "autoscaling:PutScheduledUpdateGroupAction",
        "autoscaling:PutNotificationConfiguration",
        "autoscaling:PutLifecycleHook",
        "autoscaling:DescribeScalingActivities",
        "autoscaling:DeleteAutoScalingGroup",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:TerminateInstances",
        "tag:GetTags",
        "tag:GetResources",
        "sns:Publish",
        "cloudwatch:DescribeAlarms",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer"
      ],
      "Resource": "*"
    }
  ]
}

Trust relationship

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

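EC2 instance

I created my own image based on Debian, so I already have NodeJS installed. When I spin up a new instance, I also paste the following code into the User data text area to make sure CodeDeploy is installed.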

#!/bin/bash -x

REGION=$(curl 169.254.169.254/latest/meta-data/placement/availability-zone/ | sed 's/[a-z]$//') &&

sudo apt-get update -y &&

sudo apt-get install -y python-pip &&

sudo apt-get install -y ruby &&

sudo apt-get install -y wget &&

cd /home/admin &&

wget https://aws-codedeploy-$REGION.s3.amazonaws.com/latest/install &&

chmod +x ./install &&

sudo ./install auto &&

sudo apt-get remove -y wget &&

sudo service codedeploy-agent start

Debugging

If I log in to the EC2 instance that I created and execute the following command:

echo $(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/)

I get the following response: CodeDeployInstanceRole

Then I execute

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/CodeDeployInstanceRole

I get the following response

{
  "Code" : "Success",
  "LastUpdated" : "2017-02-01T12:38:07Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "THE_KEY",
  "SecretAccessKey" : "SECRET",
  "Token" : "TOKEN",
  "Expiration" : "2017-02-01T19:08:43Z"
}

On GitHub, I see that CodeDeploy never accesses my repo, even though I selected deployment using GitHub and set the correct repo name and commit ID.

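Question

What am I missing?

5 answers:

Answer 0 (score: 9)

I ran into the same problem. A brief explanation of what caused it:

  • Launched an instance without any role attached
  • Then installed codedeploy-agent on that machine
  • Only at the end attached the IAM role to the machine

Result: I got the error: Missing credentials - please check if this instance was started with an IAM instance profile

Solution: restart the codedeploy agent. Use: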

sudo service codedeploy-agent restart

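The error should now be gone!

Answer 1 (score: 4)

I received "please check if this instance was started with an IAM instance profile". To check whether your instance was started without an IAM profile, go to the AWS console -> your instance -> in the "Description" tab look at the "IAM role" value. If it is empty, you launched the instance without IAM, and this is how to fix the problem:

  1. Go to the IAM console -> Roles -> Create new role

    Select AWS Service -> EC2 -> Next: Permissions (do not change anything) -> Next: Tags -> Next: Review -> enter a name and click Create role.

  2. Go to the AWS EC2 console -> select the instance -> Actions -> Instance Settings -> Attach/Replace IAM Role -> select the IAM role you just created

  3. Restart the CodeDeploy agent: sudo service codedeploy-agent restart

  4. Try to deploy again; it should work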
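
The checks from the two answers above, combined into one triage function, as an added example that is not part of the original answers. The function names and verdict strings are hypothetical; the log lines and metadata response are the ones from the question, and `SAMPLE_NOW` is a constructed clock value.

```python
import json
from datetime import datetime, timezone

# Agent log lines copied from the question (the error follows the agent start).
QUESTION_LOG = """\
2017-02-01 12:20:08 INFO  [codedeploy-agent(1379)]: master 1379: Spawned child 1/1
2017-02-01 12:20:09 ERROR [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile
"""
# Metadata response from the question, with its placeholder key material.
QUESTION_CREDS = ('{"Code": "Success", "AccessKeyId": "THE_KEY", "SecretAccessKey": "SECRET", '
                  '"Token": "TOKEN", "Expiration": "2017-02-01T19:08:43Z"}')
SAMPLE_NOW = datetime(2017, 2, 1, 12, 40, tzinfo=timezone.utc)  # constructed clock value

def credentials_expiry(creds_body):
    """Expiration of the issued credentials, or None if none were issued."""
    try:
        doc = json.loads(creds_body)
        if doc["Code"] != "Success":
            return None
        expiry = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    except (KeyError, TypeError, ValueError):
        return None  # no body, an error page, or an incomplete document
    return expiry.replace(tzinfo=timezone.utc)

def agent_lacks_credentials(agent_log):
    """True if 'Missing credentials' was logged since the agent last started."""
    missing = False
    for line in agent_log.splitlines():
        if "Spawned child" in line:
            missing = False  # new agent process: earlier errors are stale
        elif "CommandPoller: Missing credentials" in line:
            missing = True
    return missing

def triage(role_listing, creds_body, agent_log, now):
    """Map the three observations to the fix suggested in the answers."""
    if not (role_listing or "").strip():
        return "attach-instance-profile"  # no role is attached to the instance
    expiry = credentials_expiry(creds_body)
    if expiry is None or expiry <= now:
        return "credentials-not-usable"   # role attached, but no valid keys
    if agent_lacks_credentials(agent_log):
        return "restart-agent"            # keys exist; the agent started too early
    return "ok"

if __name__ == "__main__":
    print(triage("CodeDeployInstanceRole", QUESTION_CREDS, QUESTION_LOG, SAMPLE_NOW))
```

On an instance, `role_listing` and `creds_body` are the bodies returned by the two curl requests shown in the question, and `agent_log` is the content of /var/log/aws/codedeploy-agent/codedeploy-agent.log.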

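Answer 2 (score: 1)

It turns out that Debian does not have curl installed by default. Installing curl before making the curl request to get the region the server is running in was the missing piece in the Bash script.

Answer 3 (score: 0)

The instance role permissions look fine to me. But the IAM instance profile is only added the first time, when the instance is started. Can you make sure the instance role has the correct permissions before launching the instance?

Answer 4 (score: 0)

This is what worked for me in 2021 on Ubuntu 16.04

Upgrade from Python 3.5.2 to 3.6

https://www.rosehosting.com/blog/how-to-install-python-3-6-on-ubuntu-16-04/ using sudo ...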

cd /opt
wget https://www.python.org/ftp/python/3.6.3/Python-3.6.3.tgz
tar -xvf Python-3.6.3.tgz
cd Python-3.6.3
./configure
apt-get install zlib1g-dev
make
make install

Install the latest version of AWS CLI v1

cd ~
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws

Modify the instance metadata

https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html

aws ec2 modify-instance-metadata-options \
  --instance-id ${FOO_ID} \
  --http-tokens optional \
  --http-endpoint enabled

Install the CodeDeploy agent for Ubuntu Server

https://docs.aws.amazon.com/codedeploy/latest/userguide/codedeploy-agent-operations-install-ubuntu.html

sudo apt-get update
sudo apt-get install ruby
sudo apt-get install wget
cd /home/ubuntu
wget https://aws-codedeploy-us-west-2.s3.us-west-2.amazonaws.com/latest/install
chmod +x ./install
sudo ./install auto
sudo service codedeploy-agent restart
sudo service codedeploy-agent status

View deployment log files on Amazon Linux, RHEL, and Ubuntu Server instances

https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-view-logs.html

tail -f /var/log/aws/codedeploy-agent/codedeploy-agent.log
tail -f /opt/codedeploy-agent/deployment-root/deployment-logs/codedeploy-agent-deployments.log