AWS: IAM permission differences

Time: 2018-08-31 07:24:57

Tags: amazon-web-services amazon-s3 amazon-cloudformation amazon-iam

I am using this template provided by AWS to provision an ECS cluster.

I would also like to add a file from an S3 bucket, but when I add the following

 files:
    "/home/ec2-user/.ssh/authorized_keys":
      mode: "000600"
      owner: ec2-user
      group: ec2-user
      source: "https://s3-eu-west-1.amazonaws.com/mybucket/myfile"

the provisioning fails, and this error appears in /var/log/cfn-init.log

[root@ip-10-17-19-56 ~]# tail -f /var/log/cfn-init.log 
  File "/usr/lib/python2.7/dist-packages/cfnbootstrap/construction.py", line 251, in build
    changes['files'] = FileTool().apply(self._config.files, self._auth_config)
  File "/usr/lib/python2.7/dist-packages/cfnbootstrap/file_tool.py", line 138, in apply
    self._write_file(f, attribs, auth_config)
  File "/usr/lib/python2.7/dist-packages/cfnbootstrap/file_tool.py", line 225, in _write_file
    raise ToolError("Failed to retrieve %s: %s" % (source, e.strerror))
ToolError: Failed to retrieve https://s3-eu-west-1.amazonaws.com/mybucket/myfile: HTTP Error 403 : <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C6CDAC18E57345BF</RequestId><HostId>VFCrqxtbAsTeFrGxp/nzgBqJdwC7IsS3phjvPq/YzhUk8zuRhemquovq3Plc8aqFC73ki78tK+U=</HostId></Error>

But on the instance (without the section above), the following command succeeds!

aws s3 cp s3://mybucket/myfile .

1 answer:

Answer 0: (score: 0)

You need to use the AWS::CloudFormation::Authentication resource to specify authentication credentials for the files or sources that you specify with the AWS::CloudFormation::Init resource.

Example:

// Appscript.json
    ...
    "urlFetchWhitelist": [
      "https://url.com/"
    ],
    ...

// Code.gs
// Assumed: the snippet uses these two globals without declaring them
var spreadsheet = SpreadsheetApp.getActiveSpreadsheet();
var properties = PropertiesService.getScriptProperties();

function onOpen(){
    // Custom menu whose single entry calls runImporter
    spreadsheet.addMenu("Importer", [{
        name : "Run importer",
        functionName : "runImporter"
    }]);
}

...
function runImporter(){
    ...
    ApiModule.getAuth();
    ...
}

// Api Module
var getAuth = function() {
    // Credentials are read from script properties rather than hard-coded
    var payload = {};
    payload.grant_type = "password";
    payload.username = properties.getProperty('username');
    payload.password = properties.getProperty('password');
    payload.client_id = properties.getProperty('id');
    payload.client_secret = properties.getProperty('secret');

    payload = JSON.stringify(payload);

    try {
        var url = properties.getProperty('url') + "/api/endpoint";
        var headers = {
            "Content-Type": "application/json"
        };

        var options = {
            "method":"POST",
            "contentType" : "application/json",
            "headers": headers,
            "payload" : payload
        };

        // fetch() returns an HTTPResponse; parse its body text, not the object
        var response = UrlFetchApp.fetch(url, options);
        return JSON.parse(response.getContentText());
    } catch (error) {
        spreadsheet.toast(error, 'Error!');
        throw new Error(error);
    }
};
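As an added example (not part of the answer above), this is how an AWS::CloudFormation::Authentication block is attached to the files section from the question: the aws CLI on the instance succeeds because it picks up the instance-profile credentials on its own, whereas cfn-init only signs the S3 request when an authentication entry tells it to. The resource names ECSInstanceRole and ContainerInstances and the inline IAM policy are assumptions, and the launch configuration's Properties (ImageId, InstanceType, IamInstanceProfile) are left out.

```yaml
Resources:
  # Assumed name for the instance role that the ECS template already creates
  ECSInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: read-authorized-keys
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Least privilege: only the single object cfn-init needs to fetch
              - Effect: Allow
                Action: s3:GetObject
                Resource: arn:aws:s3:::mybucket/myfile

  # Assumed name for the launch configuration that carries the cfn-init metadata
  ContainerInstances:
    Type: AWS::AutoScaling::LaunchConfiguration
    Metadata:
      AWS::CloudFormation::Authentication:
        # Named credential set; cfn-init signs matching S3 requests with the role
        S3AccessCreds:
          type: S3
          roleName: !Ref ECSInstanceRole
          buckets:
            - mybucket
      AWS::CloudFormation::Init:
        config:
          files:
            /home/ec2-user/.ssh/authorized_keys:
              mode: "000600"
              owner: ec2-user
              group: ec2-user
              source: https://s3-eu-west-1.amazonaws.com/mybucket/myfile
              # Without this key the file is fetched unauthenticated -> 403
              authentication: S3AccessCreds
```

Scoping both the buckets list and the IAM statement to the one object keeps the credential cfn-init uses from reading anything else in the bucket, and a 403 after this change points at the bucket policy or object ACL rather than the template.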