amazon-web-services - cfn-init 错误 : Unable to retrieve remote metadata : No credentials

Question

我有一个测试模板，它使用 cfn-init 从 S3 存储桶下载单个非公开文件。和一个AWS::CloudFormation::Authentication和AWS::CloudFormation::Init部分。

这在 Amazon AMI 上成功运行，但在 Ubuntu AMI 上失败并出现以下错误:

WARNING [2017-10-29 12:01:03,541] Unable to retrieve remote metadata : No credentials!WARNING [2017-10-29 12:01:03,541] Unable to open local metadata : /var/cache/heat-cfntools/last_metadataWARNING [2017-10-29 12:01:03,542] Unable to open local metadata : /var/lib/heat-cfntools/cfn-init-dataERROR [2017-10-29 12:01:03,542] Unable to read any valid metadata!ERROR [2017-10-29 12:01:03,542] Error processing metadataTraceback (most recent call last):  File "/usr/bin/cfn-init", line 68, in     metadata.cfn_init()  File "/usr/lib/python2.7/dist-packages/heat_cfntools/cfntools/cfn_helper.py", line 1270, in cfn_init    raise Exception("invalid metadata")Exception: invalid metadata

The full template - https://pastebin.com/e072d5GF.

I found a similar question on Launchpad, but it has no answer.

Edit: This is the output from curl 169.254.169.254/latest/meta-data/iam/info/:

{
  "Code" : "InstanceProfileNotFound",
  "Message" : "Instance Profile with Id AIPAJWC744OTCCS55JMTW cannot be found.  Please see documentation at http://docs.amazonwebservices.com/IAM/latest/UserGuide/RolesTroubleshooting.html.",
  "LastUpdated" : "2017-10-29T12:26:01Z"
}

Answer 1

您正在指定一个名为“s3access”的角色，但您并未声明它。如果它尚不存在，您需要创建它。

将其添加到资源中，并更改 Bucket_Name(2 个条目)和 Path_Name(1 个条目)以匹配您的配置:

"s3access": {
"Type": "AWS::IAM::Role",
"Properties": {
    "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {
                "Service": ["ec2.amazonaws.com"]
            },
            "Action": ["sts:AssumeRole"]
        }]
    },
    "Path": "/",
    "Policies": [{
        "PolicyName": "S3_Read",
        "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                    "Effect": "Allow",
                    "Action": "s3:GetObject",
                    "Resource": [{
                        "Fn::Join": ["", ["arn:aws:s3:::", "Bucket_Name", "/Path_Name/*"]]
                    }, ]
                },
                {
                    "Effect": "Allow",
                    "Action": "s3:ListBucket",
                    "Resource": [{
                        "Fn::Join": ["", ["arn:aws:s3:::", "Bucket_Name"]]
                    }]
                }
            ]
        }
    }]
}

}