AWS CodeDeploy: Service role cannot assume the role provided

sma*_*art 6 amazon-ec2 amazon-web-services aws-code-deploy

I am trying to set up CodeDeploy with my GitHub, but I have run into some issues.

I have already used the AWSCodeDeployRole policy mentioned in the service role documentation.

While creating my CodeDeploy application, I hit this problem:

Cannot assume role provided.

As far as I can see, my AWSCodeDeployRole role has a lot of autoscaling permissions, but that is not what I want:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:CompleteLifecycleAction",
        "autoscaling:DeleteLifecycleHook",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:PutLifecycleHook",
        "autoscaling:RecordLifecycleActionHeartbeat",
        "autoscaling:CreateAutoScalingGroup",
        "autoscaling:UpdateAutoScalingGroup",
        "autoscaling:EnableMetricsCollection",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribePolicies",
        "autoscaling:DescribeScheduledActions",
        "autoscaling:DescribeNotificationConfigurations",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:SuspendProcesses",
        "autoscaling:ResumeProcesses",
        "autoscaling:AttachLoadBalancers",
        "autoscaling:PutScalingPolicy",
        "autoscaling:PutScheduledUpdateGroupAction",
        "autoscaling:PutNotificationConfiguration",
        "autoscaling:PutLifecycleHook",
        "autoscaling:DescribeScalingActivities",
        "autoscaling:DeleteAutoScalingGroup",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:TerminateInstances",
        "tag:GetTags",
        "tag:GetResources",
        "sns:Publish",
        "cloudwatch:DescribeAlarms",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer"
      ],
      "Resource": "*"
    }
  ]
}

After some googling, I found that the CodeDeploy application may expect something like:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

But when I try to create this policy manually, it also fails with the error:

This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies.

So, what is the expected service role for a CodeDeploy application?

By the way, CodeDeploy is running on my EC2 instance.

sma*_*art 7

Well, following @Michael's comment, I found some differences in the Trust relationships policy of my Service role.

It looks like the default AWSCodeDeployRole cannot handle CodeDeploy correctly.

To fix it, I changed "Service": [ "ec2.amazonaws.com" ] to "Service": [ "codedeploy.amazonaws.com" ]

It works!
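As an added illustration (not code from the question or the answer), the following Python checks a role's trust policy document offline for the two problems discussed here: whether the document is actually a trust policy (it carries a Principal, which an identity policy may not) and whether codedeploy.amazonaws.com is allowed sts:AssumeRole. The two sample documents are constructed to mirror the before and after in the answer; nothing here calls AWS.

```python
import fnmatch

# Constructed sample: the trust policy the poster started with (only EC2 may assume the role).
BROKEN_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": ["ec2.amazonaws.com"]}, "Action": "sts:AssumeRole"}]}
# Constructed sample: the corrected trust policy naming the CodeDeploy service principal.
FIXED_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": ["codedeploy.amazonaws.com"]}, "Action": "sts:AssumeRole"}]}


def _as_list(value):
    """IAM accepts either a string or a list in Action and Principal.Service."""
    return [] if value is None else (value if isinstance(value, list) else [value])


def policy_kind(doc):
    """'trust' if any statement carries a Principal, otherwise 'permissions'. Principal is
    only legal in trust/resource policies, hence the 'prohibited field Principal' error."""
    return "trust" if any("Principal" in s for s in doc["Statement"]) else "permissions"


def service_can_assume(doc, service):
    """True if `service` (e.g. codedeploy.amazonaws.com) is allowed sts:AssumeRole.
    Follows IAM evaluation order: an explicit Deny overrides any Allow."""
    allowed = denied = False
    for stmt in doc["Statement"]:
        principal = stmt.get("Principal", {})
        if principal == "*":
            services = ["*"]
        else:
            services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if not any(s == "*" or s.lower() == service.lower() for s in services):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatch.fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        if stmt.get("Effect") == "Allow":
            allowed = True
        elif stmt.get("Effect") == "Deny":
            denied = True
    return allowed and not denied


def diagnose(doc, service="codedeploy.amazonaws.com"):
    if policy_kind(doc) != "trust":
        return "not a trust policy: no Principal field, this is a permissions policy"
    if service_can_assume(doc, service):
        return f"ok: {service} may assume this role"
    return f"cannot assume role: {service} is not a trusted principal, add it under Principal.Service"
```

Feed `diagnose()` the AssumeRolePolicyDocument returned for the role and it separates "wrong document type" from "wrong service principal", which is the distinction the answer turned on.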