Question

我试图将IAM角色附加到AWS Fargate容器。没有错误，容器可以执行。但是，容器无法调用AWS API。

从容器中：

运行aws命令时，出现Unable to locate credentials错误
curl至http://169.254.169.254/latest/meta-data/iam/info未成功

我的任务定义：

{
  "executionRoleArn": "arn:aws:iam::my-account-id:role/test-ecs-role",
  "containerDefinitions": [
    {
      "dnsSearchDomains": null,
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "Fargate",
          "awslogs-region": "us-west-2",
          "awslogs-stream-prefix": "my-app"
        }
      },
      "entryPoint": null,
      "portMappings": [],
      "command": null,
      "linuxParameters": null,
      "cpu": 0,
      "environment": [],
      "ulimits": null,
      "dnsServers": null,
      "mountPoints": [],
      "workingDirectory": null,
      "dockerSecurityOptions": null,
      "memory": null,
      "memoryReservation": null,
      "volumesFrom": [],
      "image": "my-account-id.dkr.ecr.us-west-2.amazonaws.com/app/submit_data:3e87860f128a286d9b557c90664ad99c",
      "disableNetworking": null,
      "healthCheck": null,
      "essential": true,
      "links": null,
      "hostname": null,
      "extraHosts": null,
      "user": null,
      "readonlyRootFilesystem": null,
      "dockerLabels": null,
      "privileged": null,
      "name": "my-app"
    }
  ],
  "placementConstraints": [],
  "memory": "2048",
  "taskRoleArn": "arn:aws:iam::my-account-id:role/MasterFargate",
  "compatibilities": [
    "EC2",
    "FARGATE"
  ],
  "taskDefinitionArn": "arn:aws:ecs:us-west-2:my-account-id:task-definition/my-app:10",
  "family": "my-app",
  "requiresAttributes": [
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.execution-role-ecr-pull"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.task-eni"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.ecr-auth"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.task-iam-role"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.execution-role-awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    }
  ],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "networkMode": "awsvpc",
  "cpu": "256",
  "revision": 10,
  "status": "ACTIVE",
  "volumes": []
}

我该怎么做才能让它发挥作用？感谢。

Answer 1

同样的症状，我的问题通过通过pip安装最新的var string = 'https://secretStar.22.test.com/l/{"mode":"test","app":"revenue:app","param2":1,"loaded":{"APPLICATION@markup://revenue:app":"unique_identifier"},"pathPrefix":"","xx":1}/script22.js'; var data = JSON.parse(string.match(/({.+})[^}]+/)[1]); for(key of Object.keys(data)) { console.log(`${key}: ${data[key]}`) }而不是使用打包版本来解决。

较旧的版本（例如ubuntu trusty中可用的版本）不支持从Fargate运行。

将taskRoleArn附加到AWS Fargate不起作用

1 个答案: