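I used to deploy a Java web application to Elastic Beanstalk (EC2) as the root user without this problem. Now I deploy as an IAM service user, which is the recommended way, but I get the following error. I suspect it is caused by missing permissions (policies), but I don't know which policies I should assign to the IAM user.
Question: Could you help me find the right policies?
Commands: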
eb init --profile eb_admin
eb create --single
Output of the second command:
Printing Status:
2019-05-26 12:08:58 INFO createEnvironment is starting.
2019-05-26 12:08:59 INFO Using elasticbeanstalk-eu-central-1-726173845157 as Amazon S3 storage bucket for environment data.
2019-05-26 12:09:26 INFO Created security group named: awseb-e-ire9qdzahd-stack-AWSEBSecurityGroup-L5VUAQLDAA9F
2019-05-26 12:09:42 ERROR Stack named 'awseb-e-ire9qdzahd-stack' aborted operation. Current state: 'CREATE_FAILED' Reason: The following resource(s) failed to create: [MountTargetSecurityGroup, AWSEBEIP, sslSecurityGroupIngress, FileSystem].
2019-05-26 12:09:42 ERROR Creating security group failed Reason: The vpc ID 'vpc-7166611a' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidVpcID.NotFound; Request ID: c1d0ce4d-830d-4b0c-9f84-85d8da4f7243)
2019-05-26 12:09:42 ERROR Creating EIP: 54.93.84.166 failed. Reason: Resource creation cancelled
2019-05-26 12:09:42 ERROR Creating security group ingress named: sslSecurityGroupIngress failed Reason: Resource creation cancelled
2019-05-26 12:09:44 INFO Launched environment: stack-overflow-dev. However, there were issues during launch. See event log for details.
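Important!
I use some .ebextensions scripts to initialize the environment:
After looking at the logs, I also noticed that I forgot to create the VPC required for the EFS file system. Could one failing script (storage-efs-createfilesystem) be the root cause of the subsequent failed operations?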
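Answer 0 (score: 0)
Yes, the missing VPC prevented the other resources from being created. Elastic Beanstalk and the storage-efs-createfilesystem extension use CloudFormation under the hood.
The storage-efs-createfilesystem Cfn template creates the MountTargetSecurityGroup SG, which fails because of the missing VPC. The creation of the AWSEBEIP, sslSecurityGroupIngress and FileSystem resources is then cancelled.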
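The triage described in the answer can be done mechanically on the event log. The following is an added example, not code from the original post or from AWS: it separates the root-cause event from the cancelled (cascade) events and reports whether the root cause carries an authorization error code. The function name `triage` and the set `AUTH_CODES` are assumptions made for this illustration.

```python
import re

# ERROR lines copied from the `eb create` output in the question above.
EVENTS = """\
2019-05-26 12:09:42 ERROR Stack named 'awseb-e-ire9qdzahd-stack' aborted operation. Current state: 'CREATE_FAILED' Reason: The following resource(s) failed to create: [MountTargetSecurityGroup, AWSEBEIP, sslSecurityGroupIngress, FileSystem].
2019-05-26 12:09:42 ERROR Creating security group failed Reason: The vpc ID 'vpc-7166611a' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidVpcID.NotFound; Request ID: c1d0ce4d-830d-4b0c-9f84-85d8da4f7243)
2019-05-26 12:09:42 ERROR Creating EIP: 54.93.84.166 failed. Reason: Resource creation cancelled
2019-05-26 12:09:42 ERROR Creating security group ingress named: sslSecurityGroupIngress failed Reason: Resource creation cancelled
"""

LINE = re.compile(r"^(\S+ \S+)\s+ERROR\s+(.*?)\s*Reason: (.*)$")
CODE = re.compile(r"Error Code: ([\w.]+)")
# Assumption: error codes this example treats as IAM/authorization failures.
AUTH_CODES = {"AccessDenied", "AccessDeniedException", "UnauthorizedOperation"}


def triage(text):
    """Split ERROR events into root causes, cascades and stack summaries."""
    result = {"root": [], "cascade": [], "summary": []}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # INFO lines and anything without a Reason field
        _, what, reason = m.groups()
        if "Resource creation cancelled" in reason:
            # Cancelled because another resource in the stack already failed.
            result["cascade"].append(what)
        elif reason.startswith("The following resource(s) failed to create"):
            # Stack-level roll-up; lists every failed resource, not the cause.
            result["summary"].append(what)
        else:
            code = CODE.search(reason)
            name = code.group(1) if code else None
            result["root"].append(
                {"event": what, "code": name, "iam": name in AUTH_CODES})
    return result


if __name__ == "__main__":
    r = triage(EVENTS)
    for root in r["root"]:
        kind = "IAM permission problem" if root["iam"] else "not an IAM problem"
        print(f"root cause: {root['code']} ({kind}): {root['event']}")
    print(f"{len(r['cascade'])} event(s) cancelled as a consequence")
```
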