Deploying Spring Cloud Eureka in AWS ECS (EC2) with DNS props but getting: 'Failed to bind elastic IP (IP)'. I attached a policy to allow user

I am using AWS ECS to deploy the Eureka in my cluster to zones within the us-east-1 region. ECS deploys dynamically to any zone, so I cannot know the EC2 instance's IP or domain in advance, which is why I am using DNS.

I am using DNS as shown here: https://github.com/Netflix/eureka/wiki/Deploying-Eureka-Servers-in-EC2. Below is my configuration:

eureka:
    instance:
        healthCheckUrlPath: /manage/health
    client:
        region: us-east-1
        availabilityZones:
            us-east-1: us-east-1a,us-east-1c
        eurekaServerPort: 8761
        useDnsForFetchingServiceUrls: true
        eurekaServerDNSName: eureka.mydomain.com
        eurekaServerURLContext: eureka
        registerWithEureka: true
        fetchRegistry: true

cloud:
    aws:
        credentials:
            accessKey: AWS_KEY
            secretKey: AWS_KEY_SECRET
        region:
            static: us-east-1 

The user that owns AWS_KEY has this policy attached:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:AllocateAddress",
                "ec2:AssociateAddress",
                "ec2:DescribeAddresses",
                "ec2:DisassociateAddress"
            ],
            "Sid": "Stmt1375723773000",
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}

and the EurekaInstanceConfigBean is configured as:

@Bean
@Profile("!default")
public EurekaInstanceConfigBean eurekaInstanceConfig(InetUtils inetUtils) {
    EurekaInstanceConfigBean config = new EurekaInstanceConfigBean(inetUtils);
    // Read this instance's EC2 metadata (public IP, public hostname, zone, ...)
    AmazonInfo info = AmazonInfo.Builder.newBuilder().autoBuild("eureka");
    // Advertise the public IPv4 address as the public hostname
    info.getMetadata().put(AmazonInfo.MetaDataKey.publicHostname.getName(), info.get(AmazonInfo.MetaDataKey.publicIpv4));
    config.setHostname(info.get(AmazonInfo.MetaDataKey.publicHostname));
    config.setIpAddress(info.get(AmazonInfo.MetaDataKey.publicIpv4));
    config.setNonSecurePort(port); // 'port' is a field of the enclosing configuration class (not shown here)
    config.setDataCenterInfo(info);
    return config;
}

The good part: Eureka recognizes the EIP from the eureka.mydomain.com DNS I configured in Route 53, and it tries to bind the (available and unassigned) EIP in zone us-east-1c to the instance my Eureka server is deployed on.

The problem: when starting my application I get the following log and an unauthorized error:

...................................
.................................
2017-04-10 16:07:42.141 DEBUG 5 --- [           main] c.n.d.s.r.a.DnsTxtRecordClusterResolver  : Resolved txt.us-east-1.eureka.mydomain.com to [AwsEndpoint{ serviceUrl='http://ec2-34.200.47.82.compute-1.amazonaws.com:8761/eureka', region='us-east-1', zone='us-east-1c'}]
2017-04-10 16:07:42.141 DEBUG 5 --- [           main] c.n.d.s.r.a.ZoneAffinityClusterResolver  : Local zone=us-east-1c; resolved to: [AwsEndpoint{ serviceUrl='http://ec2-34.200.47.82.compute-1.amazonaws.com:8761/eureka', region='us-east-1', zone='us-east-1c'}]
2017-04-10 16:07:42.204  INFO 5 --- [           main] com.netflix.discovery.DiscoveryClient    : Disable delta property : false
2017-04-10 16:07:42.209  INFO 5 --- [           main] com.netflix.discovery.DiscoveryClient    : Single vip registry refresh property : null
2017-04-10 16:07:42.209  INFO 5 --- [           main] com.netflix.discovery.DiscoveryClient    : Force full registry fetch : false
2017-04-10 16:07:42.209  INFO 5 --- [           main] com.netflix.discovery.DiscoveryClient    : Application is null : false
2017-04-10 16:07:42.209  INFO 5 --- [           main] com.netflix.discovery.DiscoveryClient    : Registered Applications size is zero : true
2017-04-10 16:07:42.209  INFO 5 --- [           main] com.netflix.discovery.DiscoveryClient    : Application version is -1: true
2017-04-10 16:07:42.211  INFO 5 --- [           main] com.netflix.discovery.DiscoveryClient    : Getting all instance registry info from the eureka server
2017-04-10 16:07:42.213 DEBUG 5 --- [           main] c.n.d.s.t.d.SessionedEurekaHttpClient    : Ending a session and starting anew
2017-04-10 16:07:42.222 DEBUG 5 --- [           main] n.d.s.t.j.AbstractJerseyEurekaHttpClient : Created client for url: http://ec2-34.200.47.82.compute-1.amazonaws.com:8761/eureka
2017-04-10 16:07:42.313 DEBUG 5 --- [           main] c.n.d.shared.MonitoredConnectionManager  : Get connection: {}->http://ec2-34.200.47.82.compute-1.amazonaws.com:8761, timeout = 5000
2017-04-10 16:07:42.314 DEBUG 5 --- [           main] c.n.d.shared.NamedConnectionPool         : [{}->http://ec2-34.200.47.82.compute-1.amazonaws.com:8761] total kept alive: 0, total issued: 0, total allocated: 0 out of 200
2017-04-10 16:07:42.314 DEBUG 5 --- [           main] c.n.d.shared.NamedConnectionPool         : No free connections [{}->http://ec2-34.200.47.82.compute-1.amazonaws.com:8761][null]
2017-04-10 16:07:42.314 DEBUG 5 --- [           main] c.n.d.shared.NamedConnectionPool         : Available capacity: 50 out of 50 [{}->http://ec2-34.200.47.82.compute-1.amazonaws.com:8761][null]
2017-04-10 16:07:42.314 DEBUG 5 --- [           main] c.n.d.shared.NamedConnectionPool         : Creating new connection [{}->http://ec2-34.200.47.82.compute-1.amazonaws.com:8761]
2017-04-10 16:07:42.330 DEBUG 5 --- [           main] c.n.d.shared.MonitoredConnectionManager  : Released connection is not reusable.
2017-04-10 16:07:42.331 DEBUG 5 --- [           main] c.n.d.shared.NamedConnectionPool         : Releasing connection [{}->http://ec2-34.200.47.82.compute-1.amazonaws.com:8761][null]
2017-04-10 16:07:42.331 DEBUG 5 --- [           main] c.n.d.shared.NamedConnectionPool         : Notifying no-one, there are no waiting threads
2017-04-10 16:07:42.331 DEBUG 5 --- [           main] n.d.s.t.j.AbstractJerseyEurekaHttpClient : Jersey HTTP GET http://ec2-34.200.47.82.compute-1.amazonaws.com:8761/eureka/apps/?; statusCode=N/A
2017-04-10 16:07:42.345 ERROR 5 --- [           main] c.n.d.s.t.d.RedirectingEurekaHttpClient  : Request execution 
....................
....................
2017-04-10 16:07:49.455 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : This client will talk to the following serviceUrls in order : [http://ec2-34.206.31.211.compute-1.amazonaws.com:8761/eureka/]
2017-04-10 16:07:49.455 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : The region url to be looked up is txt.us-east-1.eureka.mydomain.com :
2017-04-10 16:07:49.456 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : The zoneName mapped to region us-east-1 is us-east-1c
2017-04-10 16:07:49.456 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : Checking if the instance zone us-east-1c is the same as the zone from DNS us-east-1c
2017-04-10 16:07:49.456 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : The zone index from the list [us-east-1c] that matches the instance zone us-east-1c is 0
2017-04-10 16:07:49.456 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : The zone url to be looked up is txt.us-east-1c.eureka.mydomain.com :
2017-04-10 16:07:49.457 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : The eureka url for the dns name txt.us-east-1c.eureka.mydomain.com is ec2-34.200.47.82.compute-1.amazonaws.com
2017-04-10 16:07:49.457 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : The EC2 url is http://ec2-34.200.47.82.compute-1.amazonaws.com:8761/eureka/
2017-04-10 16:07:49.457 DEBUG 5 --- [      Thread-11] c.n.discovery.endpoint.EndpointUtils     : This client will talk to the following serviceUrls in order : [http://ec2-34.200.47.82.compute-1.amazonaws.com:8761/eureka/]
**2017-04-10 16:07:49.527 ERROR 5 --- [      Thread-11] com.netflix.eureka.aws.EIPManager        : Failed to bind elastic IP: 34.200.47.82 to i-0bc1018ccdcc69148

com.amazonaws.AmazonServiceException: You are not authorized to perform this operation. (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation; Request ID: f9b2dec4-6d79-4da2-bbac-061416bde000)**
        at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1378) ~[aws-java-sdk-core-1.11.18.jar!/:na]
        at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:924) ~[aws-java-sdk-core-1.11.18.jar!/:na]
        at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:702) ~[aws-java-sdk-core-1.11.18.jar!/:na]
        at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:454) ~[aws-java-sdk-core-1.11.18.jar!/:na]
        at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:416) ~[aws-java-sdk-core-1.11.18.jar!/:na]
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:365) ~[aws-java-sdk-core-1.11.18.jar!/:na]
        at com.amazonaws.services.ec2.AmazonEC2Client.doInvoke(AmazonEC2Client.java:12003) ~[aws-java-sdk-ec2-1.11.18.jar!/:na]
        at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:11973) ~[aws-java-sdk-ec2-1.11.18.jar!/:na]
        at com.amazonaws.services.ec2.AmazonEC2Client.describeAddresses(AmazonEC2Client.java:4716) ~[aws-java-sdk-ec2-1.11.18.jar!/:na]
        at com.netflix.eureka.aws.EIPManager.bindEIP(EIPManager.java:202) [eureka-core-1.4.12.jar!/:1.4.12]
        at com.netflix.eureka.aws.EIPManager.handleEIPBinding(EIPManager.java:136) [eureka-core-1.4.12.jar!/:1.4.12]
        at com.netflix.eureka.aws.EIPManager.start(EIPManager.java:105) [eureka-core-1.4.12.jar!/:1.4.12]
        at com.netflix.eureka.aws.AwsBinderDelegate.start(AwsBinderDelegate.java:42) [eureka-core-1.4.12.jar!/:1.4.12]
        at org.springframework.cloud.netflix.eureka.server.EurekaServerBootstrap.initEurekaServerContext(EurekaServerBootstrap.java:145) [spring-cloud-netflix-eureka-server-1.2.6.RELEASE.jar!/:1.2.6.RELEASE]
        at org.springframework.cloud.netflix.eureka.server.EurekaServerBootstrap.contextInitialized(EurekaServerBootstrap.java:81) [spring-cloud-netflix-eureka-server-1.2.6.RELEASE.jar!/:1.2.6.RELEASE]
        at org.springframework.cloud.netflix.eureka.server.EurekaServerInitializerConfiguration.run(EurekaServerInitializerConfiguration.java:70) [spring-cloud-netflix-eureka-server-1.2.6.RELEASE.jar!/:1.2.6.RELEASE]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]

2017-04-10 16:07:49.527  INFO 5 --- [      Thread-11] com.netflix.eureka.aws.EIPManager        : No EIP is free to be associated with this instance. Candidate EIPs are: [34.200.47.82]
......................................
........................................
........................................

Question: I have attached the policy that allows Eureka to bind an Elastic IP to the instance it is deployed on, so why do I get "You are not authorized to perform this operation. (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation)" and how can I fix it? As of now I have spent more than a day googling and still get the same error :(

I also tried configuring Eureka the Netflix way, as below, but to no avail :(:

eureka:
        awsAccessId: AWS_KEY
        awsSecretKey: AWS_KEY_SECRET
        asgName: EIPAccessPolicyGroup
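The DNS lookup chain the EndpointUtils log lines above walk through (region TXT record, zone TXT record, then the EC2 URL, ordered with the instance's own zone first), as an added example that is not part of the question; the TXT records are constructed data, and the second zone's hostname is made up:

```python
"""Resolve Eureka service URLs from the TXT-record layout the Eureka EC2 wiki prescribes."""
from typing import Dict, List

# Constructed TXT records (not real DNS answers): txt.<region>.<dns-name> lists
# one zone record per availability zone, txt.<zone>.<dns-name> lists the hosts there.
TXT_RECORDS: Dict[str, List[str]] = {
    "txt.us-east-1.eureka.mydomain.com": [
        "us-east-1a.eureka.mydomain.com",
        "us-east-1c.eureka.mydomain.com",
    ],
    "txt.us-east-1a.eureka.mydomain.com": ["ec2-203-0-113-10.compute-1.amazonaws.com"],
    "txt.us-east-1c.eureka.mydomain.com": ["ec2-34.200.47.82.compute-1.amazonaws.com"],
}


def lookup_txt(records: Dict[str, List[str]], name: str) -> List[str]:
    """Stand-in for a DNS TXT query; a missing record is an empty answer, not an error."""
    return sorted(records.get(name, []))


def zone_urls(records, dns_name, region, port, context):
    """Map zone name -> Eureka service URLs: txt.<region>.<dns> gives zone records,
    txt.<zone record> gives hostnames, each becomes http://host:port/context/."""
    urls = {}
    for zone_cname in lookup_txt(records, f"txt.{region}.{dns_name}"):
        zone = zone_cname.split(".", 1)[0]  # "us-east-1c.eureka.mydomain.com" -> "us-east-1c"
        hosts = lookup_txt(records, f"txt.{zone_cname}")
        urls[zone] = [f"http://{host}:{port}/{context}/" for host in hosts]
    return urls


def service_urls_in_order(records, dns_name, region, local_zone, port=8761, context="eureka"):
    """Zone-affine ordering: the instance's own zone first, remaining zones after it."""
    by_zone = zone_urls(records, dns_name, region, port, context)
    if not by_zone:
        raise ValueError(f"no zones published under txt.{region}.{dns_name}")
    ordered = list(by_zone.get(local_zone, []))
    for zone, urls in sorted(by_zone.items()):
        if zone != local_zone:
            ordered.extend(urls)
    return ordered


if __name__ == "__main__":
    print(service_urls_in_order(TXT_RECORDS, "eureka.mydomain.com", "us-east-1", "us-east-1c"))
```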

So I finally found the solution, with help from @DirkLachowski and @spencergibb on this post. Thank you very much, guys. I only had to change this:

eureka:
        awsAccessId: AWS_KEY
        awsSecretKey: AWS_KEY_SECRET
        asgName: EIPAccessPolicyGroup

to this:

eureka:
    server:
        aWSAccessId: AWS_KEY
        aWSSecretKey: AWS_SECRET_KEY
        asgName: EC2ContainerService_AUTO_SCALING_GROUP_CREATED_BY_ECS_FOR_MY_CLUSTER

So now each Eureka server binds the unused/free EIP I put on the TXT DNS record to the EC2 instance that Eureka server is running on :)
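An added check, not from the post: evaluate the policy attached to the AWS_KEY user against the EC2 actions EIP binding issues (describeAddresses is the frame in the stack trace). The posted policy grants all of them, which is why the next thing to verify after a 403 is which credentials the Eureka server actually signed the request with, rather than the policy document itself. The policy text is copied from the question; the evaluator ignores IAM Condition blocks.

```python
"""Check an IAM identity policy against the EC2 actions Eureka's EIPManager needs."""
import fnmatch
import json

# The policy attached to the AWS_KEY user, copied from the question above.
POLICY = json.loads("""{
    "Version": "2012-10-17",
    "Statement": [{
        "Action": ["ec2:AllocateAddress", "ec2:AssociateAddress",
                   "ec2:DescribeAddresses", "ec2:DisassociateAddress"],
        "Sid": "Stmt1375723773000",
        "Resource": ["*"],
        "Effect": "Allow"
    }]
}""")

# EC2 calls behind EIP binding: describeAddresses appears in the stack trace;
# associate/disassociate are what binding and re-binding the address need.
EIP_ACTIONS = ["ec2:DescribeAddresses", "ec2:AssociateAddress", "ec2:DisassociateAddress"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(value, patterns, fold_case):
    """IAM-style matching: '*' and '?' wildcards; actions compare case-insensitively."""
    if fold_case:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource="*"):
    """Identity-policy evaluation without Conditions: an explicit Deny wins,
    otherwise any matching Allow grants, otherwise the implicit deny applies."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(action, _as_list(stmt.get("Action", [])), True):
            continue
        if not _matches(resource, _as_list(stmt.get("Resource", [])), False):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def missing_actions(policy, actions=EIP_ACTIONS):
    """Actions EIP binding needs that the policy does not grant (empty list: the
    policy document is not the cause, so check which credentials were used)."""
    return [a for a in actions if not is_allowed(policy, a)]
```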