我正在尝试使用Cloudwatch监控脚本将内存,磁盘和交换利用率的指标从EC2实例发送到Cloudwatch。为了运行脚本,我需要提供AWS凭证或IAM角色。在尝试使用IAM角色时,我发现我收到以下错误
[ec2-user@ip-x-x-x-x aws-scripts-mon]$ /home/ec2-user/aws-scripts-
mon/mon-put-instance-data.pl --mem-util --mem-used --mem-avail --auto-
scaling=only --verbose --aws-iam-role=ACCT-CloudWatch-
service-role
Using AWS credentials file </home/ec2-user/aws-scripts-
mon/awscreds.conf>
WARNING: Failed to call EC2 to obtain Auto Scaling group name. HTTP
Status Code: 0. Error Message: Failed to obtain credentials for IAM
role ACCT-CloudWatch-service-role. Available roles: ACCT-service-role
WARNING: The Auto Scaling metrics will not be reported this time.
[ec2-user@ip-x-x-x-x aws-scripts-mon]$
这就是我的IAM政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"autoscaling:DescribeAutoScalingNotificationTypes",
"autoscaling:DescribeAutoScalingInstances",
"ec2:DescribeTags",
"autoscaling:DescribePolicies",
"logs:DescribeLogStreams",
"autoscaling:DescribeTags",
"autoscaling:DescribeLoadBalancers",
"autoscaling:*",
"ssm:GetParameter",
"logs:CreateLogGroup",
"logs:PutLogEvents",
"ssm:PutParameter",
"logs:CreateLogStream",
"cloudwatch:*",
"autoscaling:DescribeAutoScalingGroups",
"ec2:*",
"kms:*",
"autoscaling:DescribeLoadBalancerTargetGroups"
],
"Resource": "*"
}
]
}
我能错过什么?
答案 0 :(得分:0)
该消息指出问题来自它尝试使用的角色:
无法获取IAM的凭据 角色ACCT-CloudWatch-service-role。可用角色:ACCT-service-role
将命令的这一部分修改为--aws-iam-role=ACCT-
service-role(我假设此角色是正确配置的)