2
在us-east-1的ec2實例上運行時,我無法讓boto使用IAM進行身份驗證。 AMI是最近的亞馬遜Linux。IAM憑據錯誤404
$ python
Python 2.6.8 (unknown, Mar 14 2013, 09:31:22)
[GCC 4.6.2 20111027 (Red Hat 4.6.2-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import boto
>>> boto.__version__
'2.13.3'
>>> c = boto.connect_s3()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/site-packages/boto/__init__.py", line 135, in connect_s3
return S3Connection(aws_access_key_id, aws_secret_access_key, **kwargs)
File "/usr/lib/python2.6/site-packages/boto/s3/connection.py", line 174, in __init__
validate_certs=validate_certs)
File "/usr/lib/python2.6/site-packages/boto/connection.py", line 557, in __init__
host, config, self.provider, self._required_auth_capability())
File "/usr/lib/python2.6/site-packages/boto/auth.py", line 728, in get_auth_handler
'Check your credentials' % (len(names), str(names)))
boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV1Handler'] Check your credentials
感謝https://github.com/boto/boto/pull/1175我能夠獲得更多信息。顯然它試圖使用IAM,但是失敗。
>>> import os
>>> boto.set_stream_logger('boto')
>>> c = boto.connect_s3()
2013-09-26 21:52:11,685 boto [DEBUG]:Retrieving credentials from metadata server.
2013-09-26 21:52:11,688 boto [ERROR]:Caught exception reading instance data
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/boto/utils.py", line 211, in retry_url
r = opener.open(req)
File "/usr/lib64/python2.6/urllib2.py", line 397, in open
response = meth(req, response)
File "/usr/lib64/python2.6/urllib2.py", line 510, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python2.6/urllib2.py", line 435, in error
return self._call_chain(*args)
File "/usr/lib64/python2.6/urllib2.py", line 369, in _call_chain
result = func(*args)
File "/usr/lib64/python2.6/urllib2.py", line 518, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
HTTPError: HTTP Error 404: Not Found
2013-09-26 21:52:11,725 boto [ERROR]:Unable to read instance data, giving up
快速tcpdump的同意:博託連接到instance-data.ec2.internal
與GET /latest/meta-data/iam/security-credentials/
,然後接收404 Not Found
。這似乎是第一個也是唯一的HTTP請求。到目前爲止,我還沒有找到任何類似問題的報告,但也許boto應該在該GET
請求路徑末尾提供一個角色名稱?
有人看到我在做什麼錯了嗎?我該如何調試這個問題?
感謝您的想法。我不再有權訪問有問題的IAM帳戶,但這聽起來似乎合理。 IAM賬戶能夠在AWS控制檯中完成我所需的一切,但boto可能需要額外的權限纔有意義。 – mblakele