Packer and AWS credentials: CryptProtectData failed

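I am using Packer to provision Windows machines. I use PowerShell scripts to do most of the provisioning.

An important provisioning step is downloading some software from a private S3 bucket. To set up the AWS credentials first, I run this snippet: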

echo "Configure AWS"
echo "AWS_ACCESS_KEY_ID: ${env:AWS_ACCESS_KEY_ID}"
echo "AWS_SECRET_ACCESS_KEY: ${env:AWS_SECRET_ACCESS_KEY}"
echo "AWS_DEFAULT_REGION: ${env:AWS_DEFAULT_REGION}"

Set-AWSCredentials -AccessKey ${env:AWS_ACCESS_KEY_ID} -SecretKey ${env:AWS_SECRET_ACCESS_KEY} -StoreAs default

And when Packer runs it on the machine, it always fails with this error:

amazon-ebs: Set-AWSCredentials : CryptProtectData failed.
amazon-ebs: At C:\Windows\Temp\script.ps1:15 char:1
amazon-ebs: + Set-AWSCredentials -AccessKey ${env:AWS_ACCESS_KEY_ID} -SecretKey
amazon-ebs: ${env:AWS_SECR ...

If I run this command directly on the Windows instance, it works fine.

Thanks, 杰文

From the PowerShell doc:

The PowerShell Tools can use either of two credentials stores.

  • The AWS SDK store, which encrypts your credentials and stores them in your home folder. The AWS SDK for .NET and AWS Toolkit for Visual Studio can also use the AWS SDK store.
  • The credentials file, which is also located in your home folder, but stores credentials as plain text. By default, the credentials file is stored here: `C:\Users\username\.aws`. The AWS SDKs and the AWS Command Line Interface can also use the credentials file. If you are running a script outside of your AWS user context, be sure that the file that contains your credentials is copied to a location where all user accounts (local system and user) can access your credentials.

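From a Google search, it looks like some people have switched to using BasicAWSCredentials.

I'm not sure whether you can do that (it depends on whether you are using the SDK). If not, you can use the second method described in the doc: store the variables in C:\Users\username\.aws and use S3 commands that use the credentials stored in this file.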
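
The second method from the answer above, as an added example that is not part of the original question or answer: it writes the plain-text credentials file instead of the encrypted SDK store (the store whose `CryptProtectData` call fails), keeps the secret out of the build log, and deletes the file afterwards so it is not captured in the AMI. The bucket name, object key and destination path are placeholders, and it assumes a version of the AWS Tools for PowerShell that accepts `-ProfileLocation`.

```powershell
# Added example. Bucket, key and destination below are placeholders, not values from the post.
$ErrorActionPreference = 'Stop'

# Fail early if Packer did not pass the variables. Only names are printed, never the secret.
foreach ($name in 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_DEFAULT_REGION') {
    if (-not [Environment]::GetEnvironmentVariable($name)) {
        throw "Environment variable $name is not set"
    }
}
Write-Output 'Configure AWS (credentials file, not the SDK store)'

# Plain-text credentials file: the second store in the quoted doc, no DPAPI involved.
$awsDir   = Join-Path $env:USERPROFILE '.aws'
$credFile = Join-Path $awsDir 'credentials'
New-Item -ItemType Directory -Path $awsDir -Force | Out-Null

# Create the file empty and restrict its ACL to the current account before the secret is written.
New-Item -ItemType File -Path $credFile -Force | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
icacls $credFile /inheritance:r /grant:r "${me}:F" | Out-Null

@(
    '[default]'
    "aws_access_key_id = $env:AWS_ACCESS_KEY_ID"
    "aws_secret_access_key = $env:AWS_SECRET_ACCESS_KEY"
) | Set-Content -Path $credFile -Encoding Ascii

try {
    # Point the cmdlet at the file explicitly so it does not try the encrypted SDK store.
    Read-S3Object -BucketName 'example-private-bucket' `
        -Key 'installers/example.msi' `
        -File 'C:\Windows\Temp\example.msi' `
        -ProfileName default `
        -ProfileLocation $credFile `
        -Region $env:AWS_DEFAULT_REGION | Out-Null
}
finally {
    # Remove the plain-text secret so it does not end up in the image Packer snapshots.
    Remove-Item -Path $credFile -Force
}
```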