使用 AWS CLI 进行 Bash - 无法找到凭证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31425838/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Bash with AWS CLI - unable to locate credentials
提问by Smajl
I have a shell script which is supposed to download some files from S3 and mount an ebs drive. However, I always end up with "Unable to locate credentials".
我有一个 shell 脚本,它应该从 S3 下载一些文件并安装一个 ebs 驱动器。但是,我总是以“无法找到凭据”告终。
I have specified my credentials with the aws configurecommand and the commands work outside the shell script. Could somebody, please, tell me (preferably in detail) how to make it work?
我已经使用aws configure命令指定了我的凭据,并且这些命令在 shell 脚本之外工作。有人可以告诉我(最好是详细的)如何使它工作?
This is my script
这是我的脚本
#!/bin/bash
AWS_CONFIG_FILE="~/.aws/config"
echo
sudo mkfs -t ext4
sudo mkdir /s3-backup-test
sudo chmod -R ugo+rw /s3-backup-test
sudo mount /s3-backup-test
sudo aws s3 sync s3://backup-test-s3 /s3-backup/test
du -h /s3-backup-test
ipt (short version):
Thanks for any help!
谢谢你的帮助!
回答by meuh
sudowill change the $HOMEdirectory (and therefore ~) to /root, and remove most bash variables like AWS_CONFIG_FILE from the environment. Make sure you do everything with aws as root or as your user, dont mix.
sudo会将$HOME目录(因此~)更改为 /root,并从环境中删除大多数 bash 变量,如 AWS_CONFIG_FILE。确保您以 root 或您的用户身份使用 aws 执行所有操作,不要混用。
Make sure you did sudo aws configurefor example. And try
sudo aws configure例如,确保你做到了。并尝试
sudo bash -c 'AWS_CONFIG_FILE=/root/.aws/config aws s3 sync s3://backup-test-s3 /s3-backup/test'
You might prefer to remove all the sudo from inside the script, and just sudo the script itself.
您可能更喜欢从脚本内部删除所有 sudo,而只对脚本本身进行 sudo。
回答by Josip Rodin
This isn't necessarily related to the original question, but I came across this when googling a related issue, so I'm going to write it up in case it may help anyone else. I set up awson a specific user, and tested using sudo -H -u thatuser aws ..., but it didn't work with awscli 1.2.9 installed on Ubuntu 14.04:
这不一定与原始问题有关,但我在谷歌搜索相关问题时遇到了这个问题,所以我将把它写下来,以防它可以帮助其他人。我设置了aws特定用户,并使用 进行了测试sudo -H -u thatuser aws ...,但它不适用于安装在 Ubuntu 14.04 上的 awscli 1.2.9:
% sudo -H -u thatuser aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region us-east-1 config_file ~/.aws/config
I had to upgrade it using pip install awscli, which brought in newer versions of awscli (1.11.93), boto, and a myriad of other stuff (awscli docutils botocore rsa s3transfer jmespath python-dateutil pyasn1 futures), but it resulted in things starting to work properly:
我不得不使用 升级它pip install awscli,它带来了较新版本的 awscli (1.11.93)、boto 和无数其他东西(awscli docutils botocore rsa s3transfer jmespath python-dateutil pyasn1 futures),但它导致事情开始工作适当地:
% sudo -H -u thatuser aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************WXYZ shared-credentials-file
secret_key ****************wxyz shared-credentials-file
region us-east-1 config-file ~/.aws/config
回答by Himanshu Gupta
While you might have your credentials and config file properly located in ~/.aws, it might not be getting picked up by your user account.
虽然您的凭据和配置文件可能正确位于 ~/.aws 中,但您的用户帐户可能无法获取它。
Run this command to see if your credentials have been set:aws configure list
运行此命令以查看您的凭据是否已设置:aws configure list
To set the credentials, run this command: aws configureand then enter the credentials that are specified in your ~/.aws/credentials file.
要设置凭据,请运行以下命令:aws configure然后输入在 ~/.aws/credentials 文件中指定的凭据。
回答by Remotec
Answering in case someone stumbles across this based on the question's title.
回答以防有人根据问题的标题偶然发现此问题。
I had the same problem where by the AWS CLI was reporting unable to locate credentials.
我在 AWS CLI 报告的地方遇到了同样的问题unable to locate credentials。
I had removed the [default]set of credentials from my credentialsfile as I wasn't using them and didn't think they were needed. It seems that they are.
我已经[default]从我的credentials文件中删除了这组凭据,因为我没有使用它们并且认为不需要它们。似乎他们是。
I then reformed my file as follows and it worked...
然后我按如下方式修改了我的文件并且它起作用了......
[default]
aws_access_key_id=****
aws_secret_access_key=****
region=eu-west-2
[deployment-profile]
aws_access_key_id=****
aws_secret_access_key=****
region=eu-west-2
回答by Boyd Hemphill
A foolish and cautionary tail of a rusty script slinger:
一个生锈的脚本甩尾者的愚蠢而谨慎的尾巴:
I had defined the variable HOME in my script as a place were the script should go to build the platform.
我在我的脚本中定义了变量 HOME 作为脚本应该去构建平台的地方。
This variable overwrote the envvar that defines the shell users $HOME. So the AWS command could not find ~/.aws/credentialsbecause ~was referencing the wrong place.
该变量覆盖了env定义 shell 用户的变量$HOME。所以 AWS 命令找不到,~/.aws/credentials因为~引用了错误的地方。
I hate to admit it, but I hope it helps saves someone some time.
我不想承认这一点,但我希望它有助于节省一些时间。
回答by shonky linux user
If you are using a .aws/configfile with roles ensure sure your config file is correctly formatted. In my case I had forgotten to put the role_arn =in front of the arn. The default profile sits in the .aws/credentialsfile and contains the access key id and secret access key of the iam identity.
如果您使用.aws/config带有角色的文件,请确保您的配置文件格式正确。就我而言,我忘记将 放在role_arn =arn 前面。默认配置文件位于.aws/credentials文件中,包含 iam 身份的访问密钥 ID 和秘密访问密钥。
The config file contains the role details:
配置文件包含角色详细信息:
[profile myrole]
role_arn = arn:aws:iam::123456789012:role/My-Role
source_profile = default
mfa_serial = arn:aws:iam::987654321098:mfa/my-iam-identity
region=ap-southeast-2
You can quickly test access by calling
您可以通过调用快速测试访问
aws sts get-caller-identity --profile myrole
If you have MFA enabled like I have you will need to enter it when prompted.
如果您像我一样启用了 MFA,则需要在出现提示时输入它。
Enter MFA code for arn:aws:iam::987654321098:mfa/my-iam-identity:
{
"UserId": "ARABCDEFGHIJKLMNOPQRST:botocore-session-15441234567",
"Account": "123456789012",
"Arn": "arn:aws:sts::123456789012:assumed-role/My-Role/botocore-session-15441234567"
}
回答by LeOn - Han Li
Was hitting this error today when running aws cli on EC2. My situations is I could get credentials info when running aws configure list. However I am running in a corporate environment that doing things like aws kms decryptrequires PROXY. As soon as I set proxy, the aws credentials info will be gone.
今天在EC2上运行 aws cli 时遇到了这个错误。我的情况是我可以在运行时获取凭据信息aws configure list。但是,我在一个公司环境中运行,aws kms decrypt需要做类似的事情PROXY。一旦我设置了代理,aws 凭据信息就会消失。
export HTTP_PROXY=aws-proxy-qa.cloud.myCompany.com:8099
export HTTPS_PROXY=aws-proxy-qa.cloud.myCompany.com:8099
Turns out I also have to set NO_PROXYand have the ec2 metadata address in the list 169.254.169.254. Also, since you should be going via an s3 endpoint, you should normally have .amazonaws.comin the no_proxy too.
结果我还必须NO_PROXY在列表中设置和拥有 ec2 元数据地址169.254.169.254。此外,由于您应该通过 s3 端点,因此您通常也应该.amazonaws.com在 no_proxy 中。
export NO_PROXY=169.254.169.254,.amazonaws.com
回答by thelogix
I ran into this trying to run an aws-cli command from roots cron.
我在尝试从 root cron 运行 aws-cli 命令时遇到了这个问题。
Since credentials are stored in $HOME/.aws/credentials and I initialized aws-cli through sudo, $HOME is still /home/user/. When running from cron, $HOME is /root/ and thus cron cannot find the file.
由于凭据存储在 $HOME/.aws/credentials 中,并且我通过sudo初始化了 aws-cli ,因此 $HOME 仍然是 /home/user/。从 cron 运行时,$HOME 是 /root/,因此 cron 找不到该文件。
The fix was to change $HOME for the specific cron job. Example:
解决方法是为特定的 cron 作业更改 $HOME。例子:
00 12 * * * HOME=/home/user aws s3 sync s3://...
(alternatives includes moving, copying or symlinking the .aws dir, from /home/user/ to /root/)
(替代方法包括将 .aws 目录从 /home/user/ 移动、复制或符号链接到 /root/)
