我正在构建一个小型.NET Core worker服务,以便从AWS SQS队列中读取消息。要做到这一点,它需要以访问和秘钥的形式提供IAM凭证。我最初一直以docker容器的形式运行这个项目,它一直运行良好。我想启用多次运行这个容器的能力,因此同一服务的多个实例。我在Visual Studio中启用了Docker Compose,它将基本的docker compose YAML文件添加到项目中。现在,当我尝试在调试中运行解决方案时,我得到以下错误。
An exception of type 'Amazon.Runtime.AmazonServiceException' occurred in System.Private.CoreLib.dll but was not handled in user code: 'Unable to get IAM security credentials from EC2 Instance Metadata Service.'
我假设这是因为不知何故,现在解决方案无法从我的appSettings.json中读取访问和秘钥,但我不知道如何解决这个问题。
以下是我的DockerFile
FROM mcr.microsoft.com/dotnet/core/runtime:3.1-buster-slim AS base
WORKDIR /app
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
WORKDIR /src
COPY ["WorkerServiceDocker.csproj", ""]
RUN dotnet restore "./WorkerServiceDocker.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "WorkerServiceDocker.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "WorkerServiceDocker.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
RUN mkdir -p /app/logging
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "WorkerServiceDocker.dll"]
下面是Visual Studio创建的docker编译文件。
version: '3.4'
services:
workerservicedocker:
image: ${DOCKER_REGISTRY-}workerservicedocker
build:
context: .
dockerfile: Dockerfile
失败的方法是。
public async void TriggerMessageGetAsync(string queueUrl, int pollingTime)
{
var _messages = await GetMessagesAsync(queueUrl, pollingTime);
if (_messages.Count == 0)
{
_logger.LogInformation($"No messages found.");
}
else
{
foreach (var message in _messages)
{
_logger.LogInformation($"Message {message.MessageId} received OK");
}
}
}
而我的配置是从Program.cs中的appSettings.json中加载的
public class Program
{
public static void Main(string[] args)
{
Session.InstanceGuid = Guid.NewGuid().ToString();
File.Create("init.log").Close();
var logWriter = new StreamWriter("init.log");
logWriter.WriteLine("Assembly Path: " + Path.GetDirectoryName(Assembly.GetEntryAssembly().Location));
logWriter.WriteLine($"Session Guid: {Session.InstanceGuid}");
logWriter.WriteLine($"Container DateTime: {DateTime.Now}");
logWriter.Dispose();
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureServices((hostContext, services) =>
{
services.AddHostedService<Worker>();
services.AddSingleton<ILogger, Logger>(); // Using my own basic wrapper around NLog for the moment, pumped to CloudWatch.
services.AddAWSService<IAmazonSQS>();
});
}
当我使用'Docker Compose'选项在debug中运行时,输出显示已经找到了AWS凭证?
Found AWS options in IConfiguration
AWSSDK。信息: Found AWS options in IConfigurationAWSSDK: AWSSDK:信息:在IConfigurationAWSSSDK中找到AWS选项。使用AWS SDK的默认凭证搜索找到了凭证。
我不知道这个问题还应该包括什么,但希望有人能帮助我。我显然缺少一些配置或选项,以确保访问和秘钥可以从我的appSettings.json文件中读取。正如我所说,当我从我的DockerFile中作为一个单一的docker容器运行时,这工作得很好。
我没有看到你实际上在哪里指示AWS使用这些凭证,所以我将解决这个可能的问题。
首先,你的appsettings.json应该是这个格式的aws creds。
"AWS": {
"AccessKey": "abc",
"SecretKey": "xyz",
"Region": "ksjs"
},
然后试试这个解决方案 (在初始化aws服务之前明确设置环境变量)
https:/github.comawsaws-sdk-netissues499#issuecomment-276142625。