Amazon CloudWatch agent will not push logs

Question  Votes: 0  Answers: 1

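I am trying to push logs from a RHEL EC2 instance to CloudWatch. I created an Ansible role to install the CloudWatch agent. When I run

systemctl status amazon-cloudwatch-agent.service
it says it is running, but nothing shows up in CloudWatch. amazon-cloudwatch-agent.log shows the following errors: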


[outputs.cloudwatchlogs] Retried 114 time, going to sleep 46.304092322s before retrying.
[outputs.cloudwatchlogs] Aws error received when sending logs to <log-group>/<log-stream>: NoCredentialProviders: no valid providers in chain
caused by: EnvAccessKeyNotFound: failed to find credentials in the environment.
SharedCredsLoad: failed to load profile, .
EC2RoleRequestError: no EC2 instance role found
caused by: EC2MetadataError: failed to make EC2Metadata request
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 - Not Found</title>
 </head>
 <body>
  <h1>404 - Not Found</h1>
 </body>
</html>

    status code: 404, request id: 
[outputs.cloudwatchlogs] Retried 110 time, going to sleep 53.955265612s before retrying.

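However, I can push logs with the aws cli using the following command

aws logs put-log-events --log-group-name <log-group> --log-stream-name <log-stream> --log-events timestamp=<xxxxxxxxxxxx>,message="testing aws cli"

Initially I thought this was a problem with the instance not being able to obtain AWS credentials, but if I can push to the log group using the cli, that is clearly not the case. Is there something missing from my CloudWatch configuration that could cause this error?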

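In common-config.toml I have set the proxy server.

I have tried setting the profile to AmazonCloudWatchAgent, but I did not specify a credentials file, because my employer prohibits it and I cannot include credentials in the instance. If I set the profile to AmazonCloudWatchAgent (using the following configuration):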

# This common-config is used to configure items used for both ssm and cloudwatch access


## Configuration for shared credential.
## Default credential strategy will be used if it is absent here:
##  Instance role is used for EC2 case by default.
##  AmazonCloudWatchAgent profile is used for onPremise case by default.
[credentials]
   shared_credential_profile = "AmazonCloudWatchAgent"
#   shared_credential_file = "{file_name}"


## Configuration for proxy.
## System-wide environment-variable will be read if it is absent here.
## i.e. HTTP_PROXY/http_proxy; HTTPS_PROXY/https_proxy; NO_PROXY/no_proxy
## Note: system-wide environment-variable is not accessible when using ssm run-command.
## Absent in both here and environment-variable means no proxy will be used.
  [proxy]
     http_proxy = "http://xx.xx.xx.xx"
     https_proxy = "http://xx.xx.xx.xx"
#    no_proxy = "{domain}"

# [ssl]
#    ca_bundle_path = "{ca_bundle_file_path}"

Then I get the following error:

[outputs.cloudwatchlogs] Retried 4 time, going to sleep 1.70156025s before retrying.
[outputs.cloudwatchlogs] Aws error received when sending logs to <log-group>/<log-stream>: SharedCredsLoad: failed to load shared credentials file
caused by: FailedRead: unable to open file
caused by: open /root/.aws/credentials: no such file or directory
amazon-web-services amazon-cloudwatch amazon-cloudwatchlogs
1 Answer
0
votes

Create an IAM role that allows:

  • CloudWatchFullAccess
  • AmazonSSMFullAccess

..then add it to your EC2 instance - Security details - IAM role.
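
As an added example (not part of the question or the answer, and not AWS code), this Python script reads the two agent log excerpts from the question and reports which credential source failed and why, which is how the instance role ends up as the missing piece. The names `diagnose`, `needs_instance_role`, `SOURCES` and the two `LOG_*` constants are hypothetical.

```python
import re

# Constructed input: error lines copied from the two agent log excerpts in the question.
LOG_DEFAULT_CHAIN = """\
[outputs.cloudwatchlogs] Aws error received when sending logs to <log-group>/<log-stream>: NoCredentialProviders: no valid providers in chain
caused by: EnvAccessKeyNotFound: failed to find credentials in the environment.
SharedCredsLoad: failed to load profile, .
EC2RoleRequestError: no EC2 instance role found
caused by: EC2MetadataError: failed to make EC2Metadata request
    status code: 404, request id:
"""
LOG_WITH_PROFILE = """\
[outputs.cloudwatchlogs] Aws error received when sending logs to <log-group>/<log-stream>: SharedCredsLoad: failed to load shared credentials file
caused by: FailedRead: unable to open file
caused by: open /root/.aws/credentials: no such file or directory
"""

# SDK error code -> credential source, in the order the first log lists them.
SOURCES = [
    ("EnvAccessKeyNotFound", "environment variables"),
    ("SharedCredsLoad", "shared credentials file"),
    ("EC2RoleRequestError", "EC2 instance role"),
]

def diagnose(log_text):
    """Return [(source, detail), ...] for every credential source the log shows failing."""
    findings = []
    for code, source in SOURCES:
        if code not in log_text:
            continue
        detail = "not available"
        if code == "SharedCredsLoad":
            # The path shows whose home directory the agent searched.
            m = re.search(r"open (\S+): no such file or directory", log_text)
            detail = f"missing file {m.group(1)}" if m else "profile not loaded"
        elif code == "EC2RoleRequestError":
            m = re.search(r"status code: (\d{3})", log_text)
            status = m.group(1) if m else "unknown"
            detail = ("metadata service returned 404: no IAM role attached to the instance"
                      if status == "404" else f"metadata request failed (status {status})")
        findings.append((source, detail))
    return findings

def needs_instance_role(log_text):
    """True when the instance-role lookup is one of the steps that failed."""
    return any(src == "EC2 instance role" for src, _ in diagnose(log_text))

if __name__ == "__main__":
    for name, log in (("default chain", LOG_DEFAULT_CHAIN), ("profile set", LOG_WITH_PROFILE)):
        print(name, diagnose(log))
```

The second excerpt only reports the shared credentials file because setting `shared_credential_profile` makes the agent look in `/root/.aws/credentials`, as the log path shows.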
