
amazon-web-services - How do I authenticate AWS EBS (Beanstalk) against ECS (container storage)? AccessDeniedException

Reposted. Author: 行者123. Updated: 2023-12-02 21:30:06

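I'm new to AWS EBS and ECS, so please forgive me if I ask something that may be obvious to others. The problem:
I have configured EBS and ECS in the same AWS cloud region. I have pushed the container and can see the image in ECS. The EBS environment is built with a Dockerrun.aws.json that points to ECS. During the EBS build, the following error occurs: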

2020/11/02 20:50:25.858567 [INFO] authenticate with ECR if the image is in an ECR repo
2020/11/02 20:50:25.858582 [INFO] Running command /bin/sh -c aws ecr get-login --no-include-email --registry-ids 731178912345 --region eu-west-1
2020/11/02 20:50:28.355911 [ERROR] An error occurred during execution of command [app-deploy] - [Docker Specific Build Application]. Stop running the command. Error: failed to authenticate with ECR for registry 731178912XXX in eu-west-1: Command /bin/sh -c aws ecr get-login --no-include-email --registry-ids 731178912XXX --region eu-west-1 failed with error exit status 255. Stderr:
An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:sts::731178912XXX:assumed-role/aws-elasticbeanstalk-ec2-role/i-0bff9b5324348ea71 is not authorized to perform: ecr:GetAuthorizationToken on resource: *
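I read somewhere that the identity is passed to the authenticator automatically. I could not find a solution to this problem. Maybe someone can help me?
Thanks in advance!
Edit:
After adding the permission in question, I get these: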
2020/11/03 09:17:46.490399 [INFO] pull docker image if update is not false in Dockerrun.aws.json
2020/11/03 09:17:46.490431 [INFO] Running command /bin/sh -c docker pull 731178912XXX.dkr.ecr.eu-west-1.amazonaws.com/user/project:latest
2020/11/03 09:17:46.576648 [WARN] failed to execute command: docker pull 731178912XXX.dkr.ecr.eu-west-1.amazonaws.com/user/project:latest, retrying...
2020/11/03 09:17:46.576673 [INFO] Running command /bin/sh -c docker pull 731178912XXX.dkr.ecr.eu-west-1.amazonaws.com/user/project:latest
2020/11/03 09:17:46.659379 [ERROR] An error occurred during execution of command [app-deploy] - [Docker Specific Build Application]. Stop running the command. Error: failed to pull docker image: Command /bin/sh -c docker pull 731178912XXX.dkr.ecr.eu-west-1.amazonaws.com/user/project:latest failed with error exit status 1. Stderr:Error response from daemon: pull access denied for 731178912XXX.dkr.ecr.eu-west-1.amazonaws.com/user/project, repository does not exist or may require 'docker login': denied: User: arn:aws:sts::731178912XXX:assumed-role/aws-elasticbeanstalk-ec2-role/i-0aa453e0d44cdfa90 is not authorized to perform: ecr:BatchGetImage on resource: arn:aws:ecr:eu-west-1:731178912XXX:repository/user/project

Best answer

Your aws-elasticbeanstalk-ec2-role instance role does not have permission to perform ecr:GetAuthorizationToken.
You can fix this by adding an inline policy to the aws-elasticbeanstalk-ec2-role role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ecr:GetAuthorizationToken",
            "Resource": "*"
        }
    ]
}
Note that more permissions may be needed after this. You can add them in the same way.
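Added example, not part of the original answer: a Python script that reads denial messages like the two in the question's deploy log and builds an inline policy granting only the denied actions, each on the resource it was denied on. The function names are hypothetical, and the sample lines are the question's own messages shortened to the part the parser needs.

```python
import json
import re

# Constructed sample: the two denial messages from the question's deploy log,
# shortened to the part the parser needs.
SAMPLE_LOG = """\
An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:sts::731178912XXX:assumed-role/aws-elasticbeanstalk-ec2-role/i-0bff9b5324348ea71 is not authorized to perform: ecr:GetAuthorizationToken on resource: *
denied: User: arn:aws:sts::731178912XXX:assumed-role/aws-elasticbeanstalk-ec2-role/i-0aa453e0d44cdfa90 is not authorized to perform: ecr:BatchGetImage on resource: arn:aws:ecr:eu-west-1:731178912XXX:repository/user/project
"""

# Matches "<assumed role>/<session> is not authorized to perform: <action> on resource: <resource>"
DENIAL = re.compile(
    r"assumed-role/(?P<role>[^/\s]+)/\S+ is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>\S+)"
)


def denied_permissions(log_text):
    """Return {role: {resource: set(actions)}} for every denial in the log."""
    found = {}
    for m in DENIAL.finditer(log_text):
        by_resource = found.setdefault(m["role"], {})
        by_resource.setdefault(m["resource"], set()).add(m["action"])
    return found


def inline_policy(by_resource):
    """Build a policy that allows only the denied actions, each scoped to the
    resource named in the denial, instead of a broad ecr:* grant on "*"."""
    statements = [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
        for resource, actions in sorted(by_resource.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    for role, by_resource in denied_permissions(SAMPLE_LOG).items():
        print(f"# inline policy for role {role}")
        print(json.dumps(inline_policy(by_resource), indent=2))
```

If the next deployment logs a further denial, appending that line to the input and rerunning extends the policy while keeping repository actions scoped to the repository ARN.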

Regarding "amazon-web-services - How do I authenticate AWS EBS (Beanstalk) against ECS (container storage)? AccessDeniedException", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64657989/
