abe*_*.co 3 amazon-s3 amazon-ec2 amazon-web-services
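I have an S3 bucket that contains my OVA file. The file name contains no spaces or the like. The S3 bucket is in my default region. I have created the role and trust policy as described in https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html#import-image-prereqs
I run the following command to start the import: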
aws ec2 import-image --description "IBM QRadar CE 733" --license-type BYOL --disk-containers file://containers.json
{
  "Description": "IBM QRadar CE 733",
  "ImportTaskId": "import-ami-xxxxxxxxxxxx",
  "LicenseType": "BYOL",
  "Progress": "1",
  "SnapshotDetails": [
    {
      "Description": "QRadarCE733",
      "DiskImageSize": 0.0,
      "Format": "OVA",
      "UserBucket": {
        "S3Bucket": "ibmqradarce733",
        "S3Key": "QRadarCE733GA_v1_0.ova"
      }
    }
  ],
  "Status": "active",
  "StatusMessage": "pending"
}
container.json contains:
[{
  "Description": "QRadarCE733",
  "Format": "OVA",
  "UserBucket": {
    "S3Bucket": "ibmqradarce733",
    "S3Key": "QRadarCE733GA_v1_0.ova"
  }
}]
Please note: I have added xxx to the ImportTaskId. After a few seconds in the "validating" phase, I get the error:
ClientError: Disk validation failed [We do not have access to the given resource. Reason 403 Forbidden]
Here is the full response: (please note: I have added xxx to the ImportTaskId)
aws ec2 describe-import-image-tasks --import-task-ids import-ami-0a09ee6b0e35d8ca0
{
  "ImportImageTasks": [
    {
      "Description": "IBM QRadar CE 733",
      "ImportTaskId": "import-ami-xxxxxxxxxxxxx",
      "LicenseType": "BYOL",
      "SnapshotDetails": [],
      "Status": "deleting",
      "StatusMessage": "ClientError: Disk validation failed [We do not have access to the given resource. Reason 403 Forbidden]",
      "Tags": []
    }
  ]
}
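Make sure the vmimport policy attached to the vmimport role allows access to the S3 bucket that contains the .ova file.
If you copied the policy verbatim from the documentation, you need to edit it to explicitly grant access to your S3 bucket.
This section:
"Resource": [
  "arn:aws:s3:::disk-image-file-bucket",
  "arn:aws:s3:::disk-image-file-bucket/*"
]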
should become:
"Resource": [
  "arn:aws:s3:::ibmqradarce733",
  "arn:aws:s3:::ibmqradarce733/*"
]
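An offline pre-flight check for the mismatch the answer describes, as an added example that is not part of the original question or answer: it compares the Resource ARNs in a role policy against the bucket and key named in the disk-containers file. The action list is assumed from AWS's documented vmimport policy (the page shows only the Resource section), the function names are hypothetical, and the check is simplified: it ignores Deny statements, conditions and bucket policies.

```python
import json
from fnmatch import fnmatchcase

# Assumed from AWS's documented vmimport role policy; not shown on this page.
BUCKET_ACTIONS = ("s3:GetBucketLocation", "s3:ListBucket")
OBJECT_ACTIONS = ("s3:GetObject",)

def as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, action, arn):
    """True if some Allow statement matches both the action and the resource ARN."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # fnmatch approximates IAM's * and ? wildcards; actions are case-insensitive.
        act_ok = any(fnmatchcase(action.lower(), a.lower())
                     for a in as_list(stmt.get("Action", [])))
        res_ok = any(fnmatchcase(arn, r) for r in as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

def missing_access(policy, containers):
    """Return (action, arn) pairs the import needs but the policy does not grant."""
    gaps = []
    for c in containers:
        bucket = "arn:aws:s3:::" + c["UserBucket"]["S3Bucket"]
        obj = bucket + "/" + c["UserBucket"]["S3Key"]
        needed = [(a, bucket) for a in BUCKET_ACTIONS] + [(a, obj) for a in OBJECT_ACTIONS]
        gaps += [(a, arn) for a, arn in needed if not allowed(policy, a, arn)]
    return gaps

def make_policy(bucket):
    """Constructed sample policy with the given bucket name in its Resource list."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}]}

# Disk-containers content as posted in the question.
CONTAINERS = json.loads('''[{"Description": "QRadarCE733", "Format": "OVA",
  "UserBucket": {"S3Bucket": "ibmqradarce733", "S3Key": "QRadarCE733GA_v1_0.ova"}}]''')

if __name__ == "__main__":
    for name in ("disk-image-file-bucket", "ibmqradarce733"):
        gaps = missing_access(make_policy(name), CONTAINERS)
        print(name, "->", "OK" if not gaps else gaps)
```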