小贝子编程

EC2 API验证访问凭证出错



我按照amazon指南安装了ec2 api。我将访问id和secret设置为环境变量。

这是我的个人资料:

export AWS_ACCESS_KEY=XXXXX

export AWS_SECRET_KEY=XXXXXX

export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

export EC2_HOME=/usr/local/ec2/ec2-api-tools-1.7.1.0

出口路径= $路径:$ EC2_HOME/bin

一切看起来都配置好了,但是我不能连接到aws。

下面是详细模式下命令ec2-describe-regions的输出: 
Client.AuthFailure: AWS was not able to validate the provided access credentials
ubuntu@ip:~$ ec2dre -v
Setting User-Agent to [ec2-api-tools 1.7.1.0]
2014-07-14 19:10:34,898 [main] DEBUG org.apache.http.wire  - >> "POST / HTTP/1.1[r][n]"
2014-07-14 19:10:34,912 [main] DEBUG org.apache.http.wire  - >> "Host: ec2.amazonaws.com[r][n]"
2014-07-14 19:10:34,912 [main] DEBUG org.apache.http.wire  - >> "X-Amz-Date: 20140714T191033Z[r][n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Authorization: AWS4-HMAC-SHA256 Credential=AKIAIT64V5MH2HHF5QZQ/20140714/us-east-1/ec2/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=06920c7d37a24d8244feb630d87310238886294d3ae2ab40f68a362a799d9a62[r][n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "User-Agent: ec2-api-tools 1.7.1.0, aws-sdk-java/unknown-version Linux/3.2.0-36-virtual OpenJDK_64-Bit_Server_VM/24.51-b03[r][n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Content-Type: application/x-www-form-urlencoded; charset=utf-8[r][n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Content-Length: 41[r][n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Connection: Keep-Alive[r][n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "[r][n]"
2014-07-14 19:10:34,914 [main] DEBUG org.apache.http.wire  - >> "Action=DescribeRegions&Version=2014-06-15"
2014-07-14 19:10:34,984 [main] DEBUG org.apache.http.wire  - << "HTTP/1.1 401 Unauthorized[r][n]"
2014-07-14 19:10:35,002 [main] DEBUG org.apache.http.wire  - << "Transfer-Encoding: chunked[r][n]"
2014-07-14 19:10:35,003 [main] DEBUG org.apache.http.wire  - << "Date: Mon, 14 Jul 2014 19:18:34 GMT[r][n]"
2014-07-14 19:10:35,003 [main] DEBUG org.apache.http.wire  - << "Server: AmazonEC2[r][n]"
2014-07-14 19:10:35,010 [main] DEBUG org.apache.http.wire  - << "[r][n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "fe[r][n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "<?xml version="1.0" encoding="UTF-8"?>[n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>cd2b128b-3d70-425b-a8a7-4856fd9a6b99</RequestID></Response>"
2014-07-14 19:10:35,278 [main] DEBUG org.apache.http.wire  - << "[r][n]"
2014-07-14 19:10:35,279 [main] DEBUG org.apache.http.wire  - << "0[r][n]"
2014-07-14 19:10:35,279 [main] DEBUG org.apache.http.wire  - << "[r][n]"
Client.AuthFailure: AWS was not able to validate the provided access credentials
Request ID: cd2b128b-3d70-425b-a8a7-4856fd9a6b99

检查服务器时钟是否同步

如果时钟被延迟,会导致这个错误:

AWS was not able to validate the provided access credentials

当我的系统时钟设置错误时,我遇到了这个问题。

在我的情况下,时钟快了两个小时。

同样重要的是将命令放在.bashrc或类似的文件(.bash_aliases)中: 
export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXX"
export AWS_SECRET_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

当有运行source ~/.bashrc

这样做的重要性在于,当运行ec2命令时,将创建新的shell实例,否则不会获得环境变量。

执行aws s3 ls命令确认错误是否与时间同步有关。您应该得到如下错误:

调用ListBuckets操作时发生错误(requesttimeoo歪斜):请求时间与当前时间之间的差异太大。

如果是,请尝试按照建议同步日期时间。

Linux上的shell命令示例:

# Install the ntpdate client for setting system time from NTP servers.
sudo apt-get --yes install ntpdate
sudo ntpdate 0.amazon.pool.ntp.org

然后重试aws命令。

如果仍然不正确,执行命令:sudo dpkg-reconfigure tzdata配置,或者通过:

timedatectl list-timezones
timedatectl set-timezone 'Europe/London'

请参见:Configure localtime。dpkg-reconfigure tzdata .

AWS CLI对我来说工作得很好,但突然它开始失败,出现以下错误

A client error (AuthFailure) occurred when calling the DescribeTags operation: AWS was not able to validate the provided access credentials

尝试使用一组新的凭据,但是没有帮助。

它仅在EC2实例上执行停止-启动后才工作(重新启动也可能工作)。因此,这似乎是执行aws cli的特定EC2实例的问题。

这也可能是由于您试图到达哪个区域的问题。我有一个剧本,试图在所有地区扮演角色,并在香港(ap-east-1)不断得到这个。您必须首先启用该区域才能访问它。如果您没有启用以下区域,您将收到此错误:

ap-east-1
cn-north-1
cn-northwest-1
us-gov-east-1
us-gov-west-1

奇怪的是,ap-northeast-3也给出了一个错误,但它的错误是OptInRequired

我也遇到过类似的问题。我本地服务器的时钟关闭了。我用下面的命令纠正了它。

sudo日期- s " $ (wget通联————max-redirect google.com 2> = 0和1 | grep日期:|切- d ' -f5-8) Z"

For CentOS

# install ntpdate
sudo yum install ntpdate
# install policy kit 
sudo yum install polkit
# start ntpd service
sudo systemctl start ntpd.service
sudo ntpdate 0.amazon.pool.ntp.org

您还可以重新配置aws凭据

aws configure

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium