我想在EC2实例上运行boto(2.38.0)。我想在不指定凭证的情况下进行连接 - boto 可用的权限是通过 IAM:PassRole 定义定义的。
我已经有 aws CLI 命令在实例上运行(例如 aws s3 cp)。我的问题是调用boto.ec2.connect_to_region('eu-west-1')失败,如下所示:
Traceback (most recent call last):
File "/usr/local/bin/get-attached-volume", line 5, in <module>
c = boto.ec2.connect_to_region('eu-west-1')
File "/usr/local/lib/python2.7/dist-packages/boto-2.38.0-py2.7.egg/boto/ec2/__init__.py", line 66, in connect_to_region
return region.connect(**kw_params)
File "/usr/local/lib/python2.7/dist-packages/boto-2.38.0-py2.7.egg/boto/regioninfo.py", line 187, in connect
return self.connection_cls(region=self, **kw_params)
File "/usr/local/lib/python2.7/dist-packages/boto-2.38.0-py2.7.egg/boto/ec2/connection.py", line 103, in __init__
profile_name=profile_name)
File "/usr/local/lib/python2.7/dist-packages/boto-2.38.0-py2.7.egg/boto/connection.py", line 1100, in __init__
provider=provider)
File "/usr/local/lib/python2.7/dist-packages/boto-2.38.0-py2.7.egg/boto/connection.py", line 569, in __init__
host, config, self.provider, self._required_auth_capability())
File "/usr/local/lib/python2.7/dist-packages/boto-2.38.0-py2.7.egg/boto/auth.py", line 987, in get_auth_handler
'Check your credentials' % (len(names), str(names)))
boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your credentials
这个问题似乎有答案,但是从命令行运行这个答案会给我同样的失败。
那里的答案提到没有"在环境变量或 boto 配置文件中找不到其他凭据"。我找不到任何这样的配置。
您可以发布与用户关联的策略吗?我猜允许用户传递 S3 角色,但不能传递 EC2 角色。这就解释了为什么 CLI 和 boto/ec2 有效。或者尝试这个 CLI 命令,看看它是否有效:
aws ec2 list-regions