我昨天能够成功地将代码部署到ec2实例,今天部署时突然出现奇怪的错误。
错误:
The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems. (Error code: HEALTH_CONSTRAINTS)
然后我在ec2实例的日志文件中发现了问题,如下所示
"InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile"
所以我通过以下方式检查我的 ec2 实例是否真的正确承担了角色
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/CodeDeployInstanceRole
它显示在下面的输出
{
"Code" : "AssumeRoleUnauthorizedAccess",
"Message" : "EC2 cannot assume the role CodeDeployInstanceRole. Please see documentation at http://docs.amazonwebservices.com/IAM/latest/UserGuide/RolesTroubleshooting.html.",
"LastUpdated" : "2017-01-27T06:23:24Z"
}
我创建了两个实例角色CodeDeployInstance Role(AmazonEC2RoleforAWSCodeDeploy策略)和CodeDeployServiceRole(AWSCodeDeployRole策略),它们已正确设置。我在启动时向 ec2 实例添加了实例角色。但不确定为什么我的 ec2 实例无法承担实例角色。
对于实例配置文件 IAM 角色,您希望确保在信任关系中信任 ec2 终端节点。有人可能会意外删除该信任关系。