Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/6/mongodb/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 无法通过AWS配置文件担任角色_Amazon Web Services_Amazon Iam_Botocore - Fatal编程技术网
Fatal编程技术网

Amazon web services 无法通过AWS配置文件担任角色

amazon-web-services

Amazon web services 无法通过AWS配置文件担任角色,amazon-web-services,amazon-iam,botocore,Amazon Web Services,Amazon Iam,Botocore,我们总是使用以下方法在远程机器上担任超过一小时的角色: # Prep environment to use roles. unset AWS_CONFIG_FILE unset AWS_DEFAULT_REGION unset AWS_DEFAULT_PROFILE CONFIG_FILE=$(mktemp) # Creates temp file with instance profile credentials as default # AWS_ACCESS_KEY_ID, AWS_SE

我们总是使用以下方法在远程机器上担任超过一小时的角色:

# Prep environment to use roles.
unset AWS_CONFIG_FILE
unset AWS_DEFAULT_REGION
unset AWS_DEFAULT_PROFILE

CONFIG_FILE=$(mktemp)

# Creates temp file with instance profile credentials as default
# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ROLE_ARN are available from the environment.
printf "[default]\naws_access_key_id=$AWS_ACCESS_KEY_ID\naws_secret_access_key=$AWS_SECRET_ACCESS_KEY\n[profile role_profile]\nrole_arn = $ROLE_ARN\nsource_profile = default" > $CONFIG_FILE

# make sure instance profile takes precedence
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN

export AWS_CONFIG_FILE=$CONFIG_FILE
export AWS_DEFAULT_REGION=us-east-1
export AWS_DEFAULT_PROFILE=role_profile
不幸的是,这种方法最近开始失败。我们只需运行以下命令即可重现故障:

aws sts get-caller-identity

--debug
标志添加到最后一个命令:

09:11:47 2018-06-21 14:11:47,731 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.15.40 Python/2.7.12 Linux/4.9.76-3.78.amzn1.x86_64 botocore/1.10.40
...
09:11:47 2018-06-21 14:11:47,811 - MainThread - botocore.hooks - DEBUG - Event choose-signer.sts.GetCallerIdentity: calling handler <function set_operation_specific_signer at 0x7f22d19a6ed8>
09:11:47 2018-06-21 14:11:47,812 - MainThread - botocore.credentials - WARNING - Refreshing temporary credentials failed during mandatory refresh period.
09:11:47 Traceback (most recent call last):
09:11:47   File "/var/lib/jenkins/.local/lib/python2.7/site-packages/botocore/credentials.py", line 432, in _protected_refresh
...
09:11:47     raise KeyError(cache_key)
09:11:47 KeyError: 'xxxx' (redacted)
09:11:47 2018-06-21 14:11:47,814 - MainThread - awscli.clidriver - DEBUG - Exiting with rc 255

09:11:47 2018-06-21 14:11:47731-主线程-awscli.clidriver-调试-CLI版本:aws CLI/1.15.40 Python/2.7.12 Linux/4.9.76-3.78.amzn1.x86_64 botocore/1.10.40
...
09:11:47 2018-06-21 14:11:47811-主线程-botocore.hooks-调试-事件选择-signer.sts.GetCallerIdentity:调用处理程序
09:11:47 2018-06-21 14:11:47812-主线程-botocore.credentials-警告-在强制刷新期间刷新临时凭据失败。
09:11:47回溯(最近一次呼叫最后一次):
09:11:47文件“/var/lib/jenkins/.local/lib/python2.7/site packages/botocore/credentials.py”,第432行,在受保护的刷新中
...
09:11:47升起键错误(缓存键)
09:11:47键错误:“xxxx”(已编辑)
09:11:47 2018-06-21 14:11:47814-主线程-awscli.clidriver-调试-使用rc 255退出
显然,Python“缓存”字典中缺少一个键。

显而易见的解决方案就是找到并删除缓存:

rm ~/.aws/cli/cache
但这并不能解释这是如何开始发生的(以及它是否会再次发生)。有人能解释一下发生了什么吗?

也许,
~/.aws/cli
中的权限是错误的

检查权限:

ls -la ~/.aws/cli
ls -la ~/.aws/cli/cache
您的文件可能具有错误的权限或所有权。更正它们,aws cli命令将正常工作

~/.aws/cli/cache
中的文件所需的权限为
-rw------

希望能有帮助