Elastic Beanstalk instance cannot access private S3 file

Time: 2017-03-15 21:35:16

Tags: amazon-web-services amazon-s3 elastic-beanstalk amazon-iam amazon-elastic-beanstalk

I am trying to set up an AWS Elastic Beanstalk single instance with SSL, and I want to store the private key in S3 and have the instance retrieve the key after deployment (to avoid committing the private key to version control).

Following the AWS documentation: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-storingprivatekeys.html, I have set up my configuration, stored in myproject/.ebextensions/privatekey.config:

Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["my_bucket"]
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"
files:
  # Private key
  /path/to/private/key:
    mode: "000400"
    owner: root
    group: root
    authentication: "S3Auth"
    source: https://s3.eu-west-2.amazonaws.com/my_s3_bucket/my_private_key

However, whenever I deploy I get the error: Command failed on instance. Return code: 1 Output: Failed to retrieve https://s3.eu-west-2.amazonaws.com/my_bucket/my_private_key: 'NoneType' object has no attribute 'is_default'.

I have checked the configuration in Elastic Beanstalk, and the project has the aws-elasticbeanstalk-ec2-role instance profile, and this role definitely has the correct policies for S3 (I have even assigned it AmazonS3FullAccess, which shouldn't be necessary!)

When I test with a publicly accessible file, I can get it to work fine. But not when the file is private.

1 answer:

Answer 0 (score: 0)

I ran into this issue with EC2 instances in the eu-west-2 region. I could not reproduce it in other regions.

If you are hitting this issue and your EC2 instance is in the eu-west-2 region, try working around it by simply reformatting the URL:

Instead of: https://s3.eu-west-2.amazonaws.com/elasticbeanstalk-eu-west-2-XXXXXXXXX/yourfolderpath/server.key

Try: https://elasticbeanstalk-eu-west-2-XXXXXXXXX.s3-eu-west-2.amazonaws.com/yourfolderpath/server.key
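A small checker for the two things this thread turns on, added here as an example and not code from the question, the answer or AWS: it splits an S3 object URL into bucket, key and region, rewrites a path-style URL into the virtual-hosted form the answer suggests, and verifies that every `files` entry using an S3 authentication block names a bucket that the block's `buckets` list actually covers. The config dicts mirror the question's `.ebextensions` file and the account id `123456789012` is a constructed placeholder.

```python
import re
from urllib.parse import urlparse

# Hostname shapes for the two S3 addressing styles seen in this thread (constructed, not exhaustive):
# path-style      s3.<region>.amazonaws.com/<bucket>/<key>   or  s3-<region>.amazonaws.com/<bucket>/<key>
# virtual-hosted  <bucket>.s3-<region>.amazonaws.com/<key>   or  <bucket>.s3.<region>.amazonaws.com/<key>
PATH_STYLE_HOST = re.compile(r"^s3([.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$")
VHOST_STYLE_HOST = re.compile(r"^(?P<bucket>[a-z0-9.-]+)\.s3([.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$")


def parse_s3_url(url: str) -> dict:
    """Split an S3 object URL into bucket, key, region and addressing style."""
    parsed = urlparse(url)
    host, path = parsed.hostname or "", parsed.path.lstrip("/")
    m = PATH_STYLE_HOST.match(host)
    if m:  # first path segment is the bucket
        bucket, _, key = path.partition("/")
        return {"bucket": bucket, "key": key, "region": m.group("region"), "style": "path"}
    m = VHOST_STYLE_HOST.match(host)
    if m:  # bucket is part of the hostname
        return {"bucket": m.group("bucket"), "key": path, "region": m.group("region"), "style": "virtual-hosted"}
    raise ValueError(f"not an S3 object URL: {url}")


def to_virtual_hosted(url: str) -> str:
    """Rewrite any supported S3 URL into the <bucket>.s3-<region>.amazonaws.com form from the answer."""
    p = parse_s3_url(url)
    region = f"-{p['region']}" if p["region"] else ""
    return f"https://{p['bucket']}.s3{region}.amazonaws.com/{p['key']}"


def check_s3auth(resources: dict, files: dict) -> list:
    """Return one message per file whose source bucket is not covered by its S3 auth block."""
    auth = resources["AWSEBAutoScalingGroup"]["Metadata"]["AWS::CloudFormation::Authentication"]
    problems = []
    for path, spec in files.items():
        name = spec.get("authentication")
        if not name or "source" not in spec:
            continue
        allowed = auth.get(name, {}).get("buckets", [])
        bucket = parse_s3_url(spec["source"])["bucket"]
        if bucket not in allowed:
            problems.append(f"{path}: bucket '{bucket}' is not listed in {name}.buckets {allowed}")
    return problems


# Constructed mirror of the question's config: note the bucket named in S3Auth vs. the one in the source URL.
RESOURCES = {"AWSEBAutoScalingGroup": {"Metadata": {"AWS::CloudFormation::Authentication": {
    "S3Auth": {"type": "s3", "buckets": ["my_bucket"]}}}}}
FILES = {"/path/to/private/key": {"mode": "000400", "authentication": "S3Auth",
                                  "source": "https://s3.eu-west-2.amazonaws.com/my_s3_bucket/my_private_key"}}
```

Running `check_s3auth(RESOURCES, FILES)` against the question's own config reports the bucket mismatch, which is worth ruling out before changing the URL style.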