Node.js on Amazon Elastic Beanstalk with access to a file on Amazon S3
Dear friends,
I have a problem with my Amazon Elastic Beanstalk and Amazon S3 setup. From the EB instance I want to load a file with Node (fs.readFileSync). I have tried a lot of configurations, but none of them worked, so you are my last hope.
This is my .ebextensions/key.config:
Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: S3
          buckets: mybucket
          roleName: aws-elasticbeanstalk-ec2-role
files:
  /var/app/dummy.txt:
    authentication: S3Auth
    source: https://s3.eu-central-1.amazonaws.com/mybucket/dummy.txt
Here is the bucket policy from S3:
{
  "Version": "2008-10-17",
  "Id": "BeanstalkS3",
  "Statement": [
    {
      "Sid": "e-123-123",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123123:role/aws-elasticbeanstalk-ec2-role"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::mybucket/resources/environments/logs/*"
    },
    {
      "Sid": "e-123-123",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123123:role/aws-elasticbeanstalk-ec2-role"
      },
      "Action": [
        "s3:ListBucket",
        "s3:ListBucketVersions",
        "s3:GetObject",
        "s3:GetObjectVersion"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket",
        "arn:aws:s3:::mybucket/*"
      ]
    }
  ]
}
Now, when I query the file with Node:
fs.readFileSync('/var/app/dummy.txt')
The log in EB shows:
Error: ENOENT: no such file or directory, open '/var/app/dummy.txt'
at Error (native)
at Object.fs.openSync (fs.js:549:18)
at Object.fs.readFileSync (fs.js:397:15)
at /var/app/current/server.js:68:25
at Layer.handle [as handle_request] (/var/app/current/node_modules/express/lib/router/layer.js:95:5)
at next (/var/app/current/node_modules/express/lib/router/route.js:131:13)
at Route.dispatch (/var/app/current/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/var/app/current/node_modules/express/lib/router/layer.js:95:5)
at /var/app/current/node_modules/express/lib/router/index.js:277:22
at Function.process_params (/var/app/current/node_modules/express/lib/router/index.js:330:12)
at next (/var/app/current/node_modules/express/lib/router/index.js:271:10)
at /var/app/current/server.js:52:3
at Layer.handle [as handle_request] (/var/app/current/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/var/app/current/node_modules/express/lib/router/index.js:312:13)
at /var/app/current/node_modules/express/lib/router/index.js:280:7
at Function.process_params (/var/app/current/node_modules/express/lib/router/index.js:330:12)
Important note: the aws-elasticbeanstalk-ec2-role role has the following policies:
- AmazonS3FullAccess
- AmazonDynamoDBFullAccess
- AWSElasticBeanstalkWebTier
- AmazonS3ReadOnlyAccess
- AWSElasticBeanstalkMulticontainerDocker
- AWSElasticBeanstalkWorkerTier
- AWSCloudFormationReadOnlyAccess
I think one of the problems is that fs.readFile is executed by the nodejs user, which runs in a subshell, so it does not have file access permissions.