gulp-awspublish 使用 AWS 配置文件而不是 AWS_ACCESS_KEY 和密钥
gulp-awspublish with AWS profile instead of AWS_ACCESS_KEY and secret
我正在尝试使用本指南将我的 nuxt 静态网站部署到 S3。
https://nuxtjs.org/faq/deployment-aws-s3-cloudfront
部署脚本在我尝试使用个人 AWS 帐户时有效:
AWS_ACCESS_KEY_ID="钥匙"
AWS_SECRET_ACCESS_KEY="秘密"
取消这些 export、改为在另一个 AWS 账户上 export AWS_PROFILE 之后,脚本就不起作用了。由于公司政策,我无法在这个 AWS 账户上获得访问密钥 ID 和私有访问密钥。
我还将这些 AWS 配置文件用于其他用途,因此我确信它们配置正确。
我在控制台中遇到的错误是:
Error: Connect EHOSTUNREACH <EC2 IP address???>
括号里的部分是我看到的 IP 地址。由于该脚本针对的是 S3 和 CloudFront,它尝试连接 EC2 就很奇怪。
我正在使用的脚本
#!/bin/bash
# Deploy wrapper: select the AWS profile and deployment targets, build the
# static site, then hand off to the gulp "deploy" task.
#
# NOTE: with only AWS_PROFILE exported the deploy failed for the author; the
# resolution given on this page is to also export AWS_SDK_LOAD_CONFIG=true so
# that the AWS SDK for JavaScript picks up the profile.
export AWS_PROFILE="profile_name"
export AWS_BUCKET_NAME="example.com"
export AWS_CLOUDFRONT="UPPERCASE"

# If nvm (node version manager) is installed, load it and switch to the Node
# version it selects (the project pins one in .nvmrc).
if [ -s "$HOME/.nvm/nvm.sh" ]; then
  source "$HOME/.nvm/nvm.sh" && nvm use
fi

# Install npm packages only when node_modules is absent.
if [ ! -d "node_modules" ]; then
  npm install
fi

npm run generate
gulp deploy
至于 gulp 文件:
const gulp = require('gulp')
const awspublish = require('gulp-awspublish')
const cloudfront = require('gulp-cloudfront-invalidate-aws-publish')
const parallelize = require('concurrent-transform')
// https://docs.aws.amazon.com/cli/latest/userguide/cli-environment.html
const config = {
  // Required: target bucket, read from the environment when this file loads.
  params: {
    Bucket: process.env.AWS_BUCKET_NAME,
  },
  // Static access keys taken from the environment.
  // NOTE(review): when AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY are not
  // exported (for example when only AWS_PROFILE is set), both fields below
  // are undefined. Confirm how the plugins treat such an object before
  // relying on profile-based credentials.
  credentials: {
    accessKeyId: process.env.AWS_ACCESS_KEY_ID,
    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
    signatureVersion: 'v3',
  },
  // Optional
  deleteOldVersions: false, // NOT FOR PRODUCTION
  distribution: process.env.AWS_CLOUDFRONT, // CloudFront distribution ID
  region: process.env.AWS_DEFAULT_REGION,
  headers: {
    /* 'Cache-Control': 'max-age=315360000, no-transform, public', */
  },
  // Sensible defaults - keep these files and directories out of git.
  distDir: 'dist',
  indexRootPath: true,
  cacheFileName: '.awspublish',
  concurrentUploads: 10,
  wait: true, // wait for CloudFront invalidation to complete (about 30-60 seconds)
};
gulp.task('deploy', function () {
  // Build the publisher from the shared S3 options.
  // http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property
  const publisher = awspublish.create(config);

  // Upload everything under the build directory. The publisher adds
  // Content-Length, Content-Type and the headers configured above.
  // If x-amz-acl is not specified it is set to public-read by default, so
  // every uploaded object becomes world-readable: make sure the build
  // directory holds nothing that should stay private.
  let stream = gulp
    .src(`./${config.distDir}/**`)
    .pipe(
      parallelize(publisher.publish(config.headers), config.concurrentUploads)
    );

  // Invalidate the CDN only when a distribution ID was supplied.
  if (!config.distribution) {
    console.log(
      'No CloudFront distribution configured - skipping CDN invalidation'
    );
  } else {
    console.log('Configured with CloudFront distribution');
    stream = stream.pipe(cloudfront(config));
  }

  // Delete removed files (opt-in through deleteOldVersions).
  if (config.deleteOldVersions) {
    stream = stream.pipe(publisher.sync());
  }

  // Write the cache file that speeds up consecutive uploads, then print
  // upload updates to the console.
  return stream.pipe(publisher.cache()).pipe(awspublish.reporter());
});
gulp-awspublish 文档提到,只要在环境变量中 export AWS 配置文件(我在部署脚本中就是这样做的),就应该可以用它来连接。
他们还提到使用 aws js sdk,我也通过集成以下代码片段进行了尝试。
// Create the publisher with credentials loaded for a named profile through
// the AWS SDK for JavaScript.
const AWS = require('aws-sdk');

// NOTE(review): SharedIniFileCredentials looks the profile up in the shared
// credentials file; a profile that exists only in the AWS config file is
// presumably not found unless AWS_SDK_LOAD_CONFIG is set - confirm against
// the SDK version in use.
const profileCredentials = new AWS.SharedIniFileCredentials({
  profile: 'myprofile',
});

const publisher = awspublish.create({
  region: 'your-region-id',
  params: {
    Bucket: '...',
  },
  credentials: profileCredentials,
});
当我使用 export AWS_PROFILE 时,它至少看起来通过了身份验证。使用 SDK 时,我收到以下错误消息:
CredentialsError: Missing Credentials in config, if using
AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
将后者 (AWS_SDK_LOAD_CONFIG=1) 添加到我的部署脚本中没有任何区别。
如果我在脚本中遗漏了某些内容以使其正常工作,有什么想法吗?
我的用户策略设置如教程中所述。也许他们忘记了什么?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::example.com"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": ["arn:aws:s3:::example.com/*"]
},
{
"Effect": "Allow",
"Action": [
"cloudfront:CreateInvalidation",
"cloudfront:GetInvalidation",
"cloudfront:ListInvalidations",
"cloudfront:UnknownOperation"
],
"Resource": "*"
}
]
}
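由于 awspublish 使用 AWS SDK for JavaScript,我需要在部署脚本中执行 export AWS_SDK_LOAD_CONFIG=true。设置该变量后,SDK 才会读取 ~/.aws/config 中的配置文件;否则它找不到凭证,并很可能退回到 EC2 实例元数据端点,这与上面的 EHOSTUNREACH 错误相符。
解决了问题!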
我正在尝试使用本指南将我的 nuxt 静态网站部署到 S3。 https://nuxtjs.org/faq/deployment-aws-s3-cloudfront
部署脚本在我尝试使用个人 AWS 帐户时有效: AWS_ACCESS_KEY_ID="钥匙" AWS_SECRET_ACCESS_KEY="秘密"
取消这些 export、改为在另一个 AWS 账户上 export AWS_PROFILE 之后,脚本就不起作用了。由于公司政策,我无法在这个 AWS 账户上获得访问密钥 ID 和私有访问密钥。
我还将这些 AWS 配置文件用于其他用途,因此我确信它们配置正确。
我在控制台中遇到的错误是:
Error: Connect EHOSTUNREACH <EC2 IP address???>
括号里的部分是我看到的 IP 地址。由于该脚本针对的是 S3 和 CloudFront,它尝试连接 EC2 就很奇怪。
我正在使用的脚本
#!/bin/bash
# Deploy wrapper: select the AWS profile and deployment targets, build the
# static site, then hand off to the gulp "deploy" task.
#
# NOTE: with only AWS_PROFILE exported the deploy failed for the author; the
# resolution given on this page is to also export AWS_SDK_LOAD_CONFIG=true so
# that the AWS SDK for JavaScript picks up the profile.
export AWS_PROFILE="profile_name"
export AWS_BUCKET_NAME="example.com"
export AWS_CLOUDFRONT="UPPERCASE"

# If nvm (node version manager) is installed, load it and switch to the Node
# version it selects (the project pins one in .nvmrc).
if [ -s "$HOME/.nvm/nvm.sh" ]; then
  source "$HOME/.nvm/nvm.sh" && nvm use
fi

# Install npm packages only when node_modules is absent.
if [ ! -d "node_modules" ]; then
  npm install
fi

npm run generate
gulp deploy
至于 gulp 文件:
const gulp = require('gulp')
const awspublish = require('gulp-awspublish')
const cloudfront = require('gulp-cloudfront-invalidate-aws-publish')
const parallelize = require('concurrent-transform')
// https://docs.aws.amazon.com/cli/latest/userguide/cli-environment.html
const config = {
  // Required: target bucket, read from the environment when this file loads.
  params: {
    Bucket: process.env.AWS_BUCKET_NAME,
  },
  // Static access keys taken from the environment.
  // NOTE(review): when AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY are not
  // exported (for example when only AWS_PROFILE is set), both fields below
  // are undefined. Confirm how the plugins treat such an object before
  // relying on profile-based credentials.
  credentials: {
    accessKeyId: process.env.AWS_ACCESS_KEY_ID,
    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
    signatureVersion: 'v3',
  },
  // Optional
  deleteOldVersions: false, // NOT FOR PRODUCTION
  distribution: process.env.AWS_CLOUDFRONT, // CloudFront distribution ID
  region: process.env.AWS_DEFAULT_REGION,
  headers: {
    /* 'Cache-Control': 'max-age=315360000, no-transform, public', */
  },
  // Sensible defaults - keep these files and directories out of git.
  distDir: 'dist',
  indexRootPath: true,
  cacheFileName: '.awspublish',
  concurrentUploads: 10,
  wait: true, // wait for CloudFront invalidation to complete (about 30-60 seconds)
};
gulp.task('deploy', function () {
  // Build the publisher from the shared S3 options.
  // http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property
  const publisher = awspublish.create(config);

  // Upload everything under the build directory. The publisher adds
  // Content-Length, Content-Type and the headers configured above.
  // If x-amz-acl is not specified it is set to public-read by default, so
  // every uploaded object becomes world-readable: make sure the build
  // directory holds nothing that should stay private.
  let stream = gulp
    .src(`./${config.distDir}/**`)
    .pipe(
      parallelize(publisher.publish(config.headers), config.concurrentUploads)
    );

  // Invalidate the CDN only when a distribution ID was supplied.
  if (!config.distribution) {
    console.log(
      'No CloudFront distribution configured - skipping CDN invalidation'
    );
  } else {
    console.log('Configured with CloudFront distribution');
    stream = stream.pipe(cloudfront(config));
  }

  // Delete removed files (opt-in through deleteOldVersions).
  if (config.deleteOldVersions) {
    stream = stream.pipe(publisher.sync());
  }

  // Write the cache file that speeds up consecutive uploads, then print
  // upload updates to the console.
  return stream.pipe(publisher.cache()).pipe(awspublish.reporter());
});
gulp-awspublish 文档提到,只要在环境变量中 export AWS 配置文件(我在部署脚本中就是这样做的),就应该可以用它来连接。
他们还提到使用 aws js sdk,我也通过集成以下代码片段进行了尝试。
// Create the publisher with credentials loaded for a named profile through
// the AWS SDK for JavaScript.
const AWS = require('aws-sdk');

// NOTE(review): SharedIniFileCredentials looks the profile up in the shared
// credentials file; a profile that exists only in the AWS config file is
// presumably not found unless AWS_SDK_LOAD_CONFIG is set - confirm against
// the SDK version in use.
const profileCredentials = new AWS.SharedIniFileCredentials({
  profile: 'myprofile',
});

const publisher = awspublish.create({
  region: 'your-region-id',
  params: {
    Bucket: '...',
  },
  credentials: profileCredentials,
});
当我使用 export AWS_PROFILE 时,它至少看起来通过了身份验证。使用 SDK 时,我收到以下错误消息:
CredentialsError: Missing Credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
将后者 (AWS_SDK_LOAD_CONFIG=1) 添加到我的部署脚本中没有任何区别。
如果我在脚本中遗漏了某些内容以使其正常工作,有什么想法吗? 我的用户策略设置如教程中所述。也许他们忘记了什么?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::example.com"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": ["arn:aws:s3:::example.com/*"]
},
{
"Effect": "Allow",
"Action": [
"cloudfront:CreateInvalidation",
"cloudfront:GetInvalidation",
"cloudfront:ListInvalidations",
"cloudfront:UnknownOperation"
],
"Resource": "*"
}
]
}
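由于 awspublish 使用 AWS SDK for JavaScript,我需要在部署脚本中执行 export AWS_SDK_LOAD_CONFIG=true。设置该变量后,SDK 才会读取 ~/.aws/config 中的配置文件;否则它找不到凭证,并很可能退回到 EC2 实例元数据端点,这与上面的 EHOSTUNREACH 错误相符。
解决了问题!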