无法从 Cloudformation 中的 EC2 实例访问 S3 -- 调用 HeadObject 操作时发生客户端错误 (301):永久移动
Unable to access S3 from EC2 Instance in Cloudformation -- A client error (301) occurred when calling the HeadObject operation: Moved Permanently
我正在尝试通过实例的用户数据 属性 从 S3 存储桶将文件下载到实例。但是,我收到错误:
A client error (301) occurred when calling the HeadObject operation:
Moved Permanently.
我使用 IAM 角色、托管策略和实例配置文件来为实例提供对 s3 存储桶的访问权限:
"Role": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com",
"s3.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/",
"ManagedPolicyArns": [
{
"Ref": "ManagedPolicy"
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "069d4411-2718-400f-98dd-529bb95fd531"
}
}
},
"RolePolicy": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "S3Download",
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucket/*"
}
]
},
"Roles": [
{
"Ref": "Role"
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "babd8869-948c-4b8a-958d-b1bff9d3063b"
}
}
},
"InstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "Role"
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "890c4df0-5d25-4f2c-b81e-05a8b8ab37c4"
}
}
},
我尝试使用用户数据中的这一行下载文件 属性:
aws s3 cp s3://mybucket/login.keytab
destination_directory/
有什么问题吗?如果我将文件 public 然后从命令行使用 wget ,我可以成功下载文件,但由于某种原因,使用 cp 时找不到 bucket/file 并且文件不是 public容易访问。
Moved Permanently 通常表示您正在被重定向到对象的位置。这通常是因为请求被发送到 不同区域.
中的端点
添加 --region 参数,其中区域与存储桶的区域匹配。例如:
aws s3 cp s3://mybucket/login.keytab destination_directory/ --region ap-southeast-2
您可以修改 /root/.aws/credentials 文件并添加地区 region = ap-southeast-2
我正在尝试通过实例的用户数据 属性 从 S3 存储桶将文件下载到实例。但是,我收到错误:
A client error (301) occurred when calling the HeadObject operation: Moved Permanently.
我使用 IAM 角色、托管策略和实例配置文件来为实例提供对 s3 存储桶的访问权限:
"Role": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com", "s3.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/", "ManagedPolicyArns": [ { "Ref": "ManagedPolicy" } ] }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "069d4411-2718-400f-98dd-529bb95fd531" } } }, "RolePolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "S3Download", "PolicyDocument": { "Statement": [ { "Action": [ "s3:*" ], "Effect": "Allow", "Resource": "arn:aws:s3:::mybucket/*" } ] }, "Roles": [ { "Ref": "Role" } ] }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "babd8869-948c-4b8a-958d-b1bff9d3063b" } } }, "InstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "Role" } ] }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "890c4df0-5d25-4f2c-b81e-05a8b8ab37c4" } } },
我尝试使用用户数据中的这一行下载文件 属性:
aws s3 cp s3://mybucket/login.keytab destination_directory/
有什么问题吗?如果我将文件 public 然后从命令行使用 wget ,我可以成功下载文件,但由于某种原因,使用 cp 时找不到 bucket/file 并且文件不是 public容易访问。
Moved Permanently 通常表示您正在被重定向到对象的位置。这通常是因为请求被发送到 不同区域.
添加 --region 参数,其中区域与存储桶的区域匹配。例如:
aws s3 cp s3://mybucket/login.keytab destination_directory/ --region ap-southeast-2
您可以修改 /root/.aws/credentials 文件并添加地区 region = ap-southeast-2