Amazon web services 使用AWS CLI调整红移群集大小的问题
虽然,我已经解决了这个问题;但是在这里分享我的经验,这样如果有人陷入困境,这可能会对你有所帮助 根据我们的用例,我们使用AWS提供的CLI定期调整AWS红移集群的大小 我们曾经使用以下脚本:Amazon web services 使用AWS CLI调整红移群集大小的问题,amazon-web-services,amazon-redshift,aws-cli,Amazon Web Services,Amazon Redshift,Aws Cli,虽然,我已经解决了这个问题;但是在这里分享我的经验,这样如果有人陷入困境,这可能会对你有所帮助 根据我们的用例,我们使用AWS提供的CLI定期调整AWS红移集群的大小 我们曾经使用以下脚本: aws redshift modify-cluster --region=eu-west-1 --cluster-identifier test-cluster --node-type dc1.large --number-of-nodes 2 它抛出了以下错误: An error occurred (
aws redshift modify-cluster --region=eu-west-1 --cluster-identifier test-cluster --node-type dc1.large --number-of-nodes 2
它抛出了以下错误:
An error occurred (InternalFailure) when calling the ModifyCluster operation (reached max retries: 4): An internal error has occurred. Please try your query again at a later time.
我试着在谷歌上用一条错误信息进行搜索,但看不出多少信息。我已经检查了AWS密钥是否正确部署在我运行脚本的机器上
这里的问题是什么?为什么会这样?我与AWS支持团队取得了联系。它提出了以下解决方案 我出错的原因是,当红移平台试图代表我的帐户进行描述VPC调用时,它得到了一个未经授权的异常,红移平台正在吞并并冒泡内部故障 我必须向一个IAM用户添加一个新的IAM策略,我正在使用该策略调整您的红移群集的大小
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"redshift:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:CreateTopic",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"cloudwatch:EnableAlarmActions",
"cloudwatch:DisableAlarmActions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "redshift.amazonaws.com"
}
}
}
]
}
我联系了AWS支持团队。它提出了以下解决方案 我出错的原因是,当红移平台试图代表我的帐户进行描述VPC调用时,它得到了一个未经授权的异常,红移平台正在吞并并冒泡内部故障 我必须向一个IAM用户添加一个新的IAM策略,我正在使用该策略调整您的红移群集的大小
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"redshift:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:CreateTopic",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"cloudwatch:EnableAlarmActions",
"cloudwatch:DisableAlarmActions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "redshift.amazonaws.com"
}
}
}
]
}