Copilot部署失败无法访问SSM
Copilot Fails to Deploy Cannot Access SSM
当我尝试使用 Copilot 将我的 负载平衡 Web 服务 部署到新环境时,我遇到了以下错误。我在 test 中拥有所有 运行,创建了一个新的 prod 环境并尝试将服务部署到其中,但任务详细信息显示停止原因:
ResourceInitializationError: unable to pull secrets or registry auth:
execution resource retrieval failed: unable to retrieve secrets from
ssm: service call has been retried 1 time(s): AccessDeniedException:
User: arn:aws:sts::xxx:assumed-role...
SSM 参数是专门为 test 环境添加的,我认为它默认适用于所有环境,但显然不是。不得不为 prod 环境再次添加标签 copilot-environment.
aws ssm put-parameter \
--name /copilot/applications/core/environments/test/port \
--value '8000' \
--type SecureString \
--tags Key=copilot-environment,Value=test Key=copilot-application,Value=core
aws ssm put-parameter \
--name /copilot/applications/core/environments/prod/port \
--value '8000' \
--type SecureString \
--tags Key=copilot-environment,Value=prod Key=copilot-application,Value=core
并更新了我的 manifest.yml:
secrets: # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
PORT: /copilot/applications/core/environments/test/port
# You can override any of the values defined above by environment.
environments:
prod:
secrets:
PORT: /copilot/applications/core/environments/prod/port
当我尝试使用 Copilot 将我的 负载平衡 Web 服务 部署到新环境时,我遇到了以下错误。我在 test 中拥有所有 运行,创建了一个新的 prod 环境并尝试将服务部署到其中,但任务详细信息显示停止原因:
ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secrets from ssm: service call has been retried 1 time(s): AccessDeniedException: User: arn:aws:sts::xxx:assumed-role...
SSM 参数是专门为 test 环境添加的,我认为它默认适用于所有环境,但显然不是。不得不为 prod 环境再次添加标签 copilot-environment.
aws ssm put-parameter \
--name /copilot/applications/core/environments/test/port \
--value '8000' \
--type SecureString \
--tags Key=copilot-environment,Value=test Key=copilot-application,Value=core
aws ssm put-parameter \
--name /copilot/applications/core/environments/prod/port \
--value '8000' \
--type SecureString \
--tags Key=copilot-environment,Value=prod Key=copilot-application,Value=core
并更新了我的 manifest.yml:
secrets: # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
PORT: /copilot/applications/core/environments/test/port
# You can override any of the values defined above by environment.
environments:
prod:
secrets:
PORT: /copilot/applications/core/environments/prod/port