使用 Pulumi 部署 Localstack：配置中缺少凭据

Question

我正在尝试使用 Pulumi 部署 localstack。特别是我正在尝试关注 this example.

代码如下

import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";


// Create a bucket each for TPS reports and their archived zips.
const tpsReports = new aws.s3.Bucket("tpsReports");
const tpsZips = new aws.s3.Bucket("tpsZips");

// Anytime a new TPS Report is uploaded, archive it in a zipfile.
tpsReports.onObjectCreated("zipTpsReports", async (e) => {
    const admZip = require("adm-zip");
    const s3 = new aws.sdk.S3();
    for (const rec of e.Records || []) {
        const zip = new admZip();
        const [ buck, key ] = [ rec.s3.bucket.name, rec.s3.object.key ];
        console.log(`Zipping ${buck}/${key} into ${tpsZips.bucket.get()}/${key}.zip`);
        const data = await s3.getObject({ Bucket: buck, Key: key }).promise();
        zip.addFile(key, data.Body);
        await s3.putObject({
            Bucket: tpsZips.bucket.get(),
            Key: `${key}.zip`,
            Body: zip.toBuffer(),
        }).promise();
    }
});

// Finally, export the zipfile bucket name, for ease of access.
export const tpsReportsBucket = tpsReports.bucket;
export const tpsZipsBucket = tpsZips.bucket;

Pulumi.local.yaml 文件如下。

encryptionsalt: v1:+vnO5hzuWuw=:v1:TmVzyjbKEBaC2kfZ:PdUUCqpjq+3EUrycO+vTCtcmTKVgtg==
config:
  aws:accessKey: test
  aws:endpoints:
  - cloudwatch: http://localhost:4566
    cloudwatchlogs: http://localhost:4566
    dynamodb: http://localhost:4566
    iam: http://localhost:4566
    lambda: http://localhost:4566
    s3: http://localhost:4566
    secretsmanager: http://localhost:4566
    sns: http://localhost:4566
    sqs: http://localhost:4566
  aws:region: eu-south-1
  aws:s3ForcePathStyle: "true"
  aws:secretKey: test
  aws:skipCredentialsValidation: "true"
  aws:skipRequestingAccountId: "true"

然后，在pulumi up之后，我在tpsReportsBucket上传了一个简单的txt文件：

awslocal s3 cp ./tps004.txt s3://$(pulumi stack output tpsReportsBucket)

通过查看 localstack 终端，我看到以下内容：

2021-03-16T15:53:54:INFO:localstack.services.awslambda.lambda_executors: Running lambda cmd: CONTAINER_ID="$(docker create -i   -e AWS_REGION="$AWS_REGION" -e DOCKER_LAMBDA_USE_STDIN="$DOCKER_LAMBDA_USE_STDIN" -e LOCALSTACK_HOSTNAME="$LOCALSTACK_HOSTNAME" -e EDGE_PORT="$EDGE_PORT" -e _HANDLER="$_HANDLER" -e AWS_LAMBDA_FUNCTION_TIMEOUT="$AWS_LAMBDA_FUNCTION_TIMEOUT" -e AWS_LAMBDA_FUNCTION_NAME="$AWS_LAMBDA_FUNCTION_NAME" -e AWS_LAMBDA_FUNCTION_VERSION="$AWS_LAMBDA_FUNCTION_VERSION" -e AWS_LAMBDA_FUNCTION_INVOKED_ARN="$AWS_LAMBDA_FUNCTION_INVOKED_ARN" -e AWS_LAMBDA_COGNITO_IDENTITY="$AWS_LAMBDA_COGNITO_IDENTITY" -e NODE_TLS_REJECT_UNAUTHORIZED="$NODE_TLS_REJECT_UNAUTHORIZED"   --rm "lambci/lambda:nodejs12.x" "__index.handler")";docker cp "/tmp/localstack/zipfile.50a4d689/." "$CONTAINER_ID:/var/task"; docker start -ai "$CONTAINER_ID";
2021-03-16T15:54:01:WARNING:bootstrap.py: Thread run method <function LambdaExecutor.execute.<locals>.do_execute at 0x7f8ea0bec040>(None) failed: Lambda process returned error status code: 1. Result: {"errorType":"CredentialsError","errorMessage":"Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1"}. Output:
START RequestId: 801df08b-8f2c-1e6b-796b-7afd00772254 Version: $LATEST
2021-03-16T15:53:55.872Z        801df08b-8f2c-1e6b-796b-7afd00772254    INFO    Zipping tpsreports-6f6b3d2/tps004.txt into tpszips-d30a9e7/tps004.txt.zip
2021-03-16T15:54:01.131Z        801df08b-8f2c-1e6b-796b-7afd00772254    ERROR   Invoke Error    {"errorType":"CredentialsError","errorMessage":"Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1","code":"CredentialsError","message":"Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1","errno":"ECONNREFUSED","syscall":"connect","address":"169.254.169.254","port":80,"time":"2021-03-16T15:54:01.126Z","originalError":{"message":"Could not load credentials from any providers","errno":"ECONNREFUSED","code":"CredentialsError","syscall":"connect","address":"169.254.169.254","port":80,"time":"2021-03-16T15:54:01.125Z","originalError":{"message":"EC2 Metadata roleName request returned error","errno":"ECONNREFUSED","code":"ECONNREFUSED","syscall":"connect","address":"169.254.169.254","port":80,"time":"2021-03-16T15:54:01.125Z","originalError":{"errno":"ECONNREFUSED","code":"ECONNREFUSED","syscall":"connect","address":"169.254.169.254","port":80,"message":"connect ECONNREFUSED 169.254.169.254:80"}}},"stack":["Error: connect ECONNREFUSED 169.254.169.254:80","    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16)"]}
END RequestId: 801df08b-8f2c-1e6b-796b-7afd00772254
REPORT RequestId: 801df08b-8f2c-1e6b-796b-7afd00772254  Init Duration: 221.93 ms        Duration: 5673.56 ms    Billed Duration: 5674 ms     Memory Size: 1536 MB    Max Memory Used: 56 MB   Traceback (most recent call last):
  File "/opt/code/localstack/localstack/utils/bootstrap.py", line 653, in run
    result = self.func(self.params)
  File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 168, in do_execute
    return _run(func_arn=func_arn)
  File "/opt/code/localstack/localstack/utils/cloudwatch/cloudwatch_util.py", line 149, in wrapped
    raise e
  File "/opt/code/localstack/localstack/utils/cloudwatch/cloudwatch_util.py", line 145, in wrapped
    result = func(*args, **kwargs)
  File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 159, in _run
    raise e
  File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 147, in _run
    result = self._execute(func_arn, func_details, event, context, version)
  File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 325, in _execute
    result = self.run_lambda_executor(cmd, stdin, env_vars=environment, func_details=func_details)
  File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 231, in run_lambda_executor
    raise InvocationException('Lambda process returned error status code: %s. Result: %s. Output:\n%s' %
localstack.services.awslambda.lambda_executors.InvocationException: Lambda process returned error status code: 1. Result: {"errorType":"CredentialsError","errorMessage":"Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1"}. Output:
START RequestId: 801df08b-8f2c-1e6b-796b-7afd00772254 Version: $LATEST
2021-03-16T15:53:55.872Z        801df08b-8f2c-1e6b-796b-7afd00772254    INFO    Zipping tpsreports-6f6b3d2/tps004.txt into tpszips-d30a9e7/tps004.txt.zip
2021-03-16T15:54:01.131Z        801df08b-8f2c-1e6b-796b-7afd00772254    ERROR   Invoke Error    {"errorType":"CredentialsError","errorMessage":"Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1","code":"CredentialsError","message":"Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1","errno":"ECONNREFUSED","syscall":"connect","address":"169.254.169.254","port":80,"time":"2021-03-16T15:54:01.126Z","originalError":{"message":"Could not load credentials from any providers","errno":"ECONNREFUSED","code":"CredentialsError","syscall":"connect","address":"169.254.169.254","port":80,"time":"2021-03-16T15:54:01.125Z","originalError":{"message":"EC2 Metadata roleName request returned error","errno":"ECONNREFUSED","code":"ECONNREFUSED","syscall":"connect","address":"169.254.169.254","port":80,"time":"2021-03-16T15:54:01.125Z","originalError":{"errno":"ECONNREFUSED","code":"ECONNREFUSED","syscall":"connect","address":"169.254.169.254","port":80,"message":"connect ECONNREFUSED 169.254.169.254:80"}}},"stack":["Error: connect ECONNREFUSED 169.254.169.254:80","    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16)"]}
END RequestId: 801df08b-8f2c-1e6b-796b-7afd00772254
REPORT RequestId: 801df08b-8f2c-1e6b-796b-7afd00772254  Init Duration: 221.93 ms        Duration: 5673.56 ms    Billed Duration: 5674 ms     Memory Size: 1536 MB    Max Memory Used: 56 MB

综上所述，错误信息为"Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1"。我尝试了我在其他问题中找到的所有建议，但这些建议 none。可能是因为我在用 Pulumi。

感谢您的帮助。

Answer 1

解决方案是将 network_mode: bridge 添加到我的 docker 撰写文件中，我在此处显示该文件。

version: '3'
services:
localstack:
  image: localstack/localstack
  container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
  network_mode: bridge
ports:
  - "4566:4566" 
environment:
  - SERVICES=serverless
  - LAMBDA_REMOVE_CONTAINERS=false
  - DOCKER_HOST=unix:///var/run/docker.sock
  - AWS_DEAFULT_REGION=us-east-1
  - DEFAULT_REGION=us-east-1
  - AWS_ACCESS_KEY_ID=test
  - AWS_SECRET_ACCESS_KEY=test
  - LAMBDA_REMOTE_DOCKER=true
  - LAMBDA_EXECUTOR=docker
volumes:
  - "${TMPDIR}:/tmp/localstack"
  - "/var/run/docker.sock:/var/run/docker.sock"