我对cloudformation和AWS很陌生。然而,我尝试运行cloudformation脚本来创建一个角色,并将S3 bucket文件复制到apache服务器中。这就是脚本:
SRS3ReadOnlyEC2:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- "sts:AssumeRole"
Path: /
Policies:
- PolicyName: WebServersS3ReadRole
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: "Allow"
Action:
- S3:List*
- S3:Get*
Resource: "*"
ProfileWithRolesForOurApp:
Type: AWS::IAM::InstanceProfile
Properties:
Roles:
- !Ref SRS3ReadOnlyEC2
WebAppLaunchConfig:
Type: AWS::AutoScaling::LaunchConfiguration
Properties:
UserData:
Fn::Base64: !Sub |
#!/bin/bash
apt-get update -y
apt-get install unzip awscli -y
apt-get install apache2 -y
systemctl start apache2.service
cd /var/www/html
aws s3 cp s3://my-mini-site/index.html .
ImageId: ami-0729e439b6769d6ab
KeyName: keyname
SecurityGroups:
- Ref: WebServerSecGroup
InstanceType: t3.medium
BlockDeviceMappings:
- DeviceName: "/dev/sdk"
Ebs:
VolumeSize: '10'
问题是apache服务器启动正常,并显示apache服务器默认页面。这意味着我复制的S3文件要么没有复制,要么出现了其他问题。S3 bucket是公开的,所以我真的很难理解我做错了什么。任何帮助都将不胜感激。
ETA:从我的日志文件来看,一切都很好,直到我开始得到这个:
Starting The Apache HTTP Server...
[[0;32m OK [0m] Started The Apache HTTP Server.
[ 67.919309] cloud-init[1908]: Processing triggers for libc-bin (2.27-3ubuntu1.6) ...
[ 67.934647] cloud-init[1908]: Processing triggers for systemd (237-3ubuntu10.53) ...
[ 68.086923] cloud-init[1908]: Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
[ 68.438494] cloud-init[1908]: Processing triggers for ufw (0.36-0ubuntu0.18.04.2) ...
[ 68.527745] cloud-init[1908]: Processing triggers for ureadahead (0.100.0-21) ...
[ 70.280139] cloud-init[1908]: fatal error: Unable to locate credentials
[ 70.745576] cloud-init[1908]: fatal error: Unable to locate credentials
我们在这里谈论的是哪种证书?是AWS配置的配置文件吗?再次感谢
好的。多亏了@Mahesh,我发现我没有将创建的角色与实例关联起来。在WebLaunchConfig资源中,我省略了这个属性:
IamInstanceProfile: !Ref ProfileWithRolesForOurApp
在包含了那行代码之后,堆栈就像一个符咒!