Amazon Web Services: AWS CloudFormation download file from private S3, AWS4-HMAC-SHA256
I am trying to download a file from an S3 bucket during a CloudFormation build using this template. It fails with the following error message:

The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.

Using this template

Tags: amazon-web-services, amazon-s3, amazon-cloudformation
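Here are the correct steps to download a file from private S3. I also ran into the "AWS4-HMAC-SHA256" error. I will explain the scenario and how I fixed the error, so that it may help others. The error occurred because my bucket was in a different region from the one where the CloudFormation stack was provisioned.
- Use `https://<bucket-region>amazonaws.com/<bucket>/<file-name>` as the bucket object URL
- You need to use the same role in the authentication section as the role used in the instance profile of the EC2 instance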
```yaml
Resources:
  MyEC2:
    Type: "AWS::EC2::Instance"
    Properties:
      IamInstanceProfile: !Ref IAMRoleS3FullAccessInstanceProfile
      # ......
    Metadata:
      # Credentials cfn-init uses for the download: the instance's own role
      AWS::CloudFormation::Authentication:
        S3BucketAccessCredential:
          type: "S3"
          roleName: !Ref IAMRoleS3FullAccess
      AWS::CloudFormation::Init:
        config:
          # .....
          files:
            /etc/nginx/sites-available/webserver:
              source: "https://<bucket-region>amazonaws.com/<bucket>/<file-name>"
              mode: "000600"
              owner: root
              group: root
              authentication: "S3BucketAccessCredential"
  # S3 Access role
  IAMRoleS3FullAccess:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AmazonS3FullAccess"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
  # Instance profile
  IAMRoleS3FullAccessInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref IAMRoleS3FullAccess
```
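The role in the answer attaches AmazonS3FullAccess, although cfn-init only has to read one object. The following is an added example, not part of the original answer, that keeps the same logical ID and scopes the role to s3:GetObject on that object; the policy name is hypothetical and `<bucket>`/`<file-name>` are the answer's placeholders.

```yaml
Resources:
  # Same logical ID as the role in the answer, so the instance profile and
  # the AWS::CloudFormation::Authentication block keep working unchanged.
  IAMRoleS3FullAccess:
    Type: AWS::IAM::Role
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      # Inline policy used instead of the AmazonS3FullAccess managed policy.
      Policies:
        - PolicyName: ReadBootstrapObject   # hypothetical name
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject            # read only: no list, write or delete
                Resource:
                  # <bucket> and <file-name> are the answer's placeholders
                  - "arn:aws:s3:::<bucket>/<file-name>"
```

Because s3:ListBucket is not granted, a request for a key that does not exist returns 403 rather than 404, which is worth knowing when troubleshooting a failed cfn-init download.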
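This doesn't help at all. The OP gets that error message because buckets in some regions (e.g. eu-central-1) only support authentication using the "AWS4-HMAC-SHA256" mechanism. Unfortunately, I did not find any solution to set this for CloudFormation.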