a-k*_*a-k 9 amazon-web-services aws-fargate
我正在尝试使用容器定义下的环境文件配置 (S3 ARN) 从 Fargate ECS 任务访问存储在 S3 存储桶中的“.env”文件。
但 ECS 任务失败,原因为“ ResourceInitializationError:无法下载 env 文件:文件下载命令:非空错误流:无法下载文件 configs-staging-1.env:无法写入临时文件:AccessDenied:拒绝访问 ... ”
我的 Fargate 任务定义附加了一个任务角色,如下所示:-
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::app-configs"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:GetObjectAcl",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::app-configs/*"
}
]
}
并且还设置了存储桶策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789:role/ecsS3AccessTaskRole"
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::app-configs"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789:role/ecsS3AccessTaskRole"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::app-configs/*"
}
]
}
我在这里缺少什么许可?
小智 5
根据AWS文档(https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html),您需要将策略附加到ecsTaskExecutionRole IAM。(S3存储桶不需要添加权限)
| 归档时间: |
|
| 查看次数: |
9261 次 |
| 最近记录: |