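I am setting up an Elastic Beanstalk environment. I get the above error when running the template. I added an IAM role that gives EC2 full access to CloudFormation.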

Resources:
  TestApp:
    Type: 'AWS::ElasticBeanstalk::Application'
    Properties: {}
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 53bb2af6-3a68-487a-8048-34f111147171
  EBE1RNK0:
    Type: 'AWS::ElasticBeanstalk::Environment'
    Properties:
      ApplicationName: !Ref TestApp
      Description: AWS Elastic Beanstalk Environment running Node Sample Application
      EnvironmentName: NodejsEnvironment
      SolutionStackName: 64bit Amazon Linux 2 v5.0.1 running Node.js 12
      OptionSettings:
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: InstanceType
          Value: t1.micro

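Looking at the screenshot, it fails right after trying to access S3, which is suspicious. The AWS docs say Beanstalk needs access to S3, X-Ray and CloudWatch Logs, and provide the following example policy. Does your role include these permissions?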

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BucketAccess",
      "Action": [
        "s3:Get*",
        "s3:List*",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::elasticbeanstalk-*",
        "arn:aws:s3:::elasticbeanstalk-*/*"
      ]
    },
    {
      "Sid": "XRayAccess",
      "Action": [
        "xray:PutTraceSegments",
        "xray:PutTelemetryRecords"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "CloudWatchLogsAccess",
      "Action": [
        "logs:PutLogEvents",
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:DescribeLogGroups"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
      ]
    }
  ]
}

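Solved: I missed adding the instance profile, as this is what lets me pass information to EC2 when the instance starts running.
This should go under your option settings, as shown below.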

      OptionSettings:
        - Namespace: 'aws:autoscaling:launchconfiguration'
          OptionName: IamInstanceProfile
          Value: aws-elasticbeanstalk-ec2-role
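
An added example, not part of the original posts: a template that defines the role and instance profile itself instead of relying on the default aws-elasticbeanstalk-ec2-role already existing in the account, and grants only the S3 statement from the example policy quoted in the answer. The logical IDs BeanstalkInstanceRole and BeanstalkInstanceProfile and the policy name BeanstalkBucketAccess are assumptions made for illustration.

```yaml
# Added example (constructed). BeanstalkInstanceRole, BeanstalkInstanceProfile
# and BeanstalkBucketAccess are hypothetical names, not from the original posts.
Resources:
  TestApp:
    Type: 'AWS::ElasticBeanstalk::Application'
    Properties: {}
  BeanstalkInstanceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      # Trust policy: only the EC2 service may assume this role.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: BeanstalkBucketAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Same S3 statement as the example policy quoted in the answer.
              - Sid: BucketAccess
                Effect: Allow
                Action:
                  - 's3:Get*'
                  - 's3:List*'
                  - 's3:PutObject'
                Resource:
                  - 'arn:aws:s3:::elasticbeanstalk-*'
                  - 'arn:aws:s3:::elasticbeanstalk-*/*'
  BeanstalkInstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Roles:
        - !Ref BeanstalkInstanceRole
  EBE1RNK0:
    Type: 'AWS::ElasticBeanstalk::Environment'
    Properties:
      ApplicationName: !Ref TestApp
      EnvironmentName: NodejsEnvironment
      SolutionStackName: 64bit Amazon Linux 2 v5.0.1 running Node.js 12
      OptionSettings:
        - Namespace: 'aws:autoscaling:launchconfiguration'
          OptionName: IamInstanceProfile
          # !Ref on an instance profile returns its name, which this option accepts.
          Value: !Ref BeanstalkInstanceProfile
```

Because the template creates IAM resources, the stack has to be created with the CAPABILITY_IAM acknowledgement. The X-Ray and CloudWatch Logs statements from the policy above can be appended to the same Statement list if the application uses them.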