amazon-web-services - InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller:缺少凭据

Question

我正在尝试使用 AWS CodeDeploy 将 GitHub 项目部署到 EC2 实例。在遵循 2 个视频教程和一堆 Google 答案之后，我仍然收到以下错误:

2017-02-01 12:20:08 INFO  [codedeploy-agent(1379)]: master 1379: Spawned child 1/1
2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: On Premises config file does not exist or not readable
2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandExecutor: Archives to retain is: 5}
2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: Version file found in /opt/codedeploy-agent/.version.
2017-02-01 12:20:09 ERROR [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile

我有两个 IAM:

CodeDeployInstanceRole

代码部署服务角色

EC2 实例的 CodeDeployInstanceRole

策略名称 :AmazonEC2RoleforAWSCodeDeploy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:ListObjects"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

策略名称 :AutoScalingNotificationAccessRole

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Resource": "*",
        "Action": [
            "sqs:SendMessage",
            "sqs:GetQueueUrl",
            "sns:Publish"
        ]
      }
    ]
}

信任关系

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

CodeDeploy 的 CodeDeployServiceRole

策略名称 :AWSCodeDeployRole

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:CompleteLifecycleAction",
        "autoscaling:DeleteLifecycleHook",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:PutLifecycleHook",
        "autoscaling:RecordLifecycleActionHeartbeat",
        "autoscaling:CreateAutoScalingGroup",
        "autoscaling:UpdateAutoScalingGroup",
        "autoscaling:EnableMetricsCollection",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribePolicies",
        "autoscaling:DescribeScheduledActions",
        "autoscaling:DescribeNotificationConfigurations",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:SuspendProcesses",
        "autoscaling:ResumeProcesses",
        "autoscaling:AttachLoadBalancers",
        "autoscaling:PutScalingPolicy",
        "autoscaling:PutScheduledUpdateGroupAction",
        "autoscaling:PutNotificationConfiguration",
        "autoscaling:PutLifecycleHook",
        "autoscaling:DescribeScalingActivities",
        "autoscaling:DeleteAutoScalingGroup",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:TerminateInstances",
        "tag:GetTags",
        "tag:GetResources",
        "sns:Publish",
        "cloudwatch:DescribeAlarms",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer"
      ],
      "Resource": "*"
    }
  ]
}

信任关系

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

EC2 实例

我旋转了我自己基于 Debian 创建的镜像，所以我已经安装了 NodeJS。当我旋转新实例时，我还将以下代码粘贴到 User data 文本区域中，以确保已安装 CodeDeploy。

#!/bin/bash -x

REGION=$(curl 169.254.169.254/latest/meta-data/placement/availability-zone/ | sed 's/[a-z]$//') &&

sudo apt-get update -y &&

sudo apt-get install -y python-pip &&

sudo apt-get install -y ruby &&

sudo apt-get install -y wget &&

cd /home/admin &&

wget https://aws-codedeploy-$REGION.s3.amazonaws.com/latest/install &&

chmod +x ./install &&

sudo ./install auto &&

sudo apt-get remove -y wget &&

sudo service codedeploy-agent start

调试

如果我登录我创建的 EC2 实例，并执行以下命令:

echo $(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/)

我得到以下响应 CodeDeployInstanceRole
当我然后执行

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/CodeDeployInstanceRole

我得到以下回复

{
  "Code" : "Success",
  "LastUpdated" : "2017-02-01T12:38:07Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "THE_KEY",
  "SecretAccessKey" : "SECRET",
  "Token" : "TOKEN",
  "Expiration" : "2017-02-01T19:08:43Z"
}

在 GitHub 上，我看到 CodeDeploy 从不访问我的存储库，即使我选择使用 GitHub 部署，我设置了正确的存储库名称和提交 ID。



题

我错过了什么？

Answer 1

我遇到了同样的问题。简要说明导致问题的原因:

启动一个没有附加任何角色的实例

然后在那台机器上安装一个 codedeploy-agent

最后才将 IAM 角色附加到机器

结果:我收到错误: Missing credentials - please check if this instance was started with an IAM instance profile
解决方案 : 重新启动 codedeploy 代理。用:

sudo service codedeploy-agent restart

错误现在应该消失了!