验证失败:AWS无法验证提供的访问凭证

时间:2020-03-04 16:51:24

标签: amazon-web-services gitlab gitlab-ci aws-cli gitlab-ci-runner

我正在尝试使用AWS创建我的Gitlab CI / CD管道。目标是终止现有EC2实例,从模板运行新实例,然后将弹性IP关联到新EC2。我正在使用的运行程序是使用python:latest映像的Docker运行程序。当我运行CI / CD管道时,我得到

An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials

我的.gitlab-ci.yml如下:

stages:
  - build
AWS_Install:
  image: python:latest
  stage: build
  tags:
    - Docker
  script:
    - pip install awscli
    - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
    - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
    - export AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION
    - echo "running script :)"
    - OLDEC2=$(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query "Reservations[*].Instances[*].[InstanceId]" --output text) 
    - aws ec2 terminate-instances --instance-ids "$OLDEC2"
    - sleep 200.0
    - aws ec2 run-instances --launch-template LaunchTemplateId=[launch-template-id],Version=12
    - sleep 120.0
    - NEWEC2=$(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query "Reservations[*].Instances[*].[InstanceId]" --output text)
    - aws ec2 associate-address --allocation-id [allocation-id] --instance-id "$NEWEC2" --allow-reassociation
What I've checked/tried:
    - AWS credentials: They are correct and valid
    - aws configure: Everything sets correctly (checked using aws configure get)
    - Ensured UNIX line endings were being used
    - Adding a variable section to the YAML file to include environment variables
    - Hardcoding credential values
    - New user on AWS with all necessary credentials
    - Using export to get the environment variables
    - Running everything in one script rather than having a before script
    - Having multiple stages/Jobs

1 个答案:

答案 0 :(得分:0)

原来的解决方案是在GitLab上使用公共跑步程序,而不是在客户上使用。