缺少 ECS Fargate 任务容器 AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
ECS Fargate Task Container missing AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
我的任务定义链接到一个 IAM 角色,它在官方 AWS testing environment 下完美运行。但是,在生产中,我不断收到此错误:
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
我使用一些预定义的官方 AWS 模板启动我的 Fargate 设置,我的任务定义如下所示(yml 格式):
TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family: !Ref 'ServiceName'
Cpu: !Ref 'ContainerCpu'
Memory: !Ref 'ContainerMemory'
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
ExecutionRoleArn: 'arn:aws:iam::835985753999:role/ecsTaskExecutionRole'
ContainerDefinitions:
- Name: !Ref 'ServiceName'
Cpu: !Ref 'ContainerCpu'
Memory: !Ref 'ContainerMemory'
Image: !Ref 'ImageUrl'
PortMappings:
- ContainerPort: !Ref 'ContainerPort'
LogConfiguration:
LogDriver: 'awslogs'
Options:
awslogs-group: 'sharingmonsterlog'
awslogs-region: 'eu-west-3'
awslogs-stream-prefix: 'test'
我添加了一些 nodejs 调试行,我在生产环境中控制台打印环境变量,如下所示:
{ PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
HOSTNAME: 'ip-10-0-0-209.eu-west-3.compute.internal',
AWS_DEFAULT_REGION: 'eu-west-3',
AWS_EXECUTION_ENV: 'AWS_ECS_FARGATE',
AWS_REGION: 'eu-west-3',
ECS_CONTAINER_METADATA_URI: 'http://169.254.170.2/v3/8e0739ad-dd47-4672-8eed-d63debdb2fea',
VERSION: 'v9.11.1',
NPM_VERSION: '5',
YARN_VERSION: 'latest',
CONFIG_FLAGS: '--fully-static --without-npm',
DEL_PKGS: 'libstdc++',
RM_DIRS: '/usr/include',
HOME: '/root' }
ECS 代理应该填充 AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,但如您所见,它丢失了。
有什么想法吗?我真的很绝望,几周来一直在努力解决这个问题。
谢谢。
我认为您错过了 "TaskRoleArn : String" property。您确实具有用于拉取图像和推送日志的任务执行角色,而任务角色对其他 aws 服务进行 API 调用并填充 AWS_CONTAINER_CREDENTIALS_RELATIVE_URI。
我的任务定义链接到一个 IAM 角色,它在官方 AWS testing environment 下完美运行。但是,在生产中,我不断收到此错误:
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
我使用一些预定义的官方 AWS 模板启动我的 Fargate 设置,我的任务定义如下所示(yml 格式):
TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family: !Ref 'ServiceName'
Cpu: !Ref 'ContainerCpu'
Memory: !Ref 'ContainerMemory'
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
ExecutionRoleArn: 'arn:aws:iam::835985753999:role/ecsTaskExecutionRole'
ContainerDefinitions:
- Name: !Ref 'ServiceName'
Cpu: !Ref 'ContainerCpu'
Memory: !Ref 'ContainerMemory'
Image: !Ref 'ImageUrl'
PortMappings:
- ContainerPort: !Ref 'ContainerPort'
LogConfiguration:
LogDriver: 'awslogs'
Options:
awslogs-group: 'sharingmonsterlog'
awslogs-region: 'eu-west-3'
awslogs-stream-prefix: 'test'
我添加了一些 nodejs 调试行,我在生产环境中控制台打印环境变量,如下所示:
{ PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
HOSTNAME: 'ip-10-0-0-209.eu-west-3.compute.internal',
AWS_DEFAULT_REGION: 'eu-west-3',
AWS_EXECUTION_ENV: 'AWS_ECS_FARGATE',
AWS_REGION: 'eu-west-3',
ECS_CONTAINER_METADATA_URI: 'http://169.254.170.2/v3/8e0739ad-dd47-4672-8eed-d63debdb2fea',
VERSION: 'v9.11.1',
NPM_VERSION: '5',
YARN_VERSION: 'latest',
CONFIG_FLAGS: '--fully-static --without-npm',
DEL_PKGS: 'libstdc++',
RM_DIRS: '/usr/include',
HOME: '/root' }
ECS 代理应该填充 AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,但如您所见,它丢失了。
有什么想法吗?我真的很绝望,几周来一直在努力解决这个问题。
谢谢。
我认为您错过了 "TaskRoleArn : String" property。您确实具有用于拉取图像和推送日志的任务执行角色,而任务角色对其他 aws 服务进行 API 调用并填充 AWS_CONTAINER_CREDENTIALS_RELATIVE_URI。