EB 工作人员 cron.yaml - 无权执行:dynamodb:UpdateItem
EB Worker cron.yaml - is not authorized to perform: dynamodb:UpdateItem
我一直在尝试在我的 EB worker 上实施 cron 作业。
部署时我的 EB CLI 显示 "ERROR: Update environment operation is complete, but with errors."
我的 yaml 似乎解析得很好,在我的 EB 事件列表中,我看到了行 "Successfully loaded 1 scheduled tasks from cron.yaml."
version: 1
cron:
- name: "cron"
url: "/cron"
schedule: "* * * * *"
我查看了 eb-activity.log 发现了这个问题:
Activity execution failed, because: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-5fe79aa0 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1GVA6A4AV0YDW - (Aws::DynamoDB::Errors::AccessDeniedException) (ElasticBeanstalk::ExternalInvocationError)
caused by: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-5fe79aa0 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1GVA6A4AV0YDW - (Aws::DynamoDB::Errors::AccessDeniedException) (Executor::NonZeroExitStatus)
这是我在日志中也找到的:
2015-06-04T02:17:19Z schedule-parser: Successfully loaded 1 scheduled tasks from file /opt/python/current/app/cron.yaml .
2015-06-04T02:17:19Z init: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-254d00f5 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1KMJ9BLOVIUSJ (Aws::DynamoDB::Errors::AccessDeniedException)
at /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/aws-sdk-core/plugins/dynamodb_simple_attributes.rb:112:in `call'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/plugins/param_conversion.rb:22:in `call'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/aws-sdk-core/plugins/response_paging.rb:10:in `call'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/request.rb:70:in `send_request'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/base.rb:215:in `block (2 levels) in define_operation_methods'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/storage_manager.rb:81:in `update_registration'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/storage_manager.rb:19:in `verify_table'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/daemon.rb:37:in `initialize'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election.rb:8:in `new'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election.rb:8:in `create'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/cron.rb:241:in `leader_election_daemon'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/cron.rb:30:in `initialize'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/daemon.rb:44:in `new'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/daemon.rb:44:in `initialize'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:34:in `new'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:34:in `start'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:83:in `launch'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:111:in `<top (required)>'
from /opt/elasticbeanstalk/lib/ruby/bin/aws-sqsd:23:in `load'
from /opt/elasticbeanstalk/lib/ruby/bin/aws-sqsd:23:in `<main>'
我已经尝试重建我的环境,但没有任何效果。
这个错误似乎不是我能控制的(希望不是这样,我犯了一个简单的错误)并且是一个关于它如何处理 cron 作业的 EB 问题。我没有任何 dynamodb :)
非常感谢您的帮助,
菲尔
cron worker 在幕后使用小型 dynamo 数据库 table 以确保 auto scaling 组中只有一个实例执行 cron 任务。因此,您需要更新您的角色策略以包含相关的发电机数据库权限。
我一直在尝试在我的 EB worker 上实施 cron 作业。
部署时我的 EB CLI 显示 "ERROR: Update environment operation is complete, but with errors."
我的 yaml 似乎解析得很好,在我的 EB 事件列表中,我看到了行 "Successfully loaded 1 scheduled tasks from cron.yaml."
version: 1
cron:
- name: "cron"
url: "/cron"
schedule: "* * * * *"
我查看了 eb-activity.log 发现了这个问题:
Activity execution failed, because: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-5fe79aa0 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1GVA6A4AV0YDW - (Aws::DynamoDB::Errors::AccessDeniedException) (ElasticBeanstalk::ExternalInvocationError)
caused by: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-5fe79aa0 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1GVA6A4AV0YDW - (Aws::DynamoDB::Errors::AccessDeniedException) (Executor::NonZeroExitStatus)
这是我在日志中也找到的:
2015-06-04T02:17:19Z schedule-parser: Successfully loaded 1 scheduled tasks from file /opt/python/current/app/cron.yaml .
2015-06-04T02:17:19Z init: User: arn:aws:sts::550612933446:assumed-role/WorkerTierRole_KK/i-254d00f5 is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:550612933446:table/awseb-e-jcrjmidtsu-stack-AWSEBWorkerCronLeaderRegistry-1KMJ9BLOVIUSJ (Aws::DynamoDB::Errors::AccessDeniedException)
at /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/aws-sdk-core/plugins/dynamodb_simple_attributes.rb:112:in `call'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/plugins/param_conversion.rb:22:in `call'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/aws-sdk-core/plugins/response_paging.rb:10:in `call'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/request.rb:70:in `send_request'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.0.10/lib/seahorse/client/base.rb:215:in `block (2 levels) in define_operation_methods'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/storage_manager.rb:81:in `update_registration'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/storage_manager.rb:19:in `verify_table'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election/daemon.rb:37:in `initialize'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election.rb:8:in `new'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/vendor/AWSMACLE/lib/leader_election.rb:8:in `create'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/cron.rb:241:in `leader_election_daemon'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/cron.rb:30:in `initialize'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/daemon.rb:44:in `new'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/lib/aws-sqsd/daemon.rb:44:in `initialize'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:34:in `new'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:34:in `start'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:83:in `launch'
from /opt/elasticbeanstalk/lib/ruby/lib/ruby/gems/2.1.0/gems/aws-sqsd-2.0/bin/aws-sqsd:111:in `<top (required)>'
from /opt/elasticbeanstalk/lib/ruby/bin/aws-sqsd:23:in `load'
from /opt/elasticbeanstalk/lib/ruby/bin/aws-sqsd:23:in `<main>'
我已经尝试重建我的环境,但没有任何效果。
这个错误似乎不是我能控制的(希望不是这样,我犯了一个简单的错误)并且是一个关于它如何处理 cron 作业的 EB 问题。我没有任何 dynamodb :)
非常感谢您的帮助, 菲尔
cron worker 在幕后使用小型 dynamo 数据库 table 以确保 auto scaling 组中只有一个实例执行 cron 任务。因此,您需要更新您的角色策略以包含相关的发电机数据库权限。