Amazon Elastic Beanstalk with Amazon S3 file access


I have an issue with my Amazon Elastic Beanstalk and Amazon S3 setup.

From the EB instance I want to load a file with Node (fs.readFileSync). I have tried tons of configurations, but none of them work, so you are my last hope.

This is my .ebextensions/key.config:

Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: S3
          buckets: mybucket
          roleName: aws-elasticbeanstalk-ec2-role
files:
  /var/app/dummy.txt:
     authentication: S3Auth
     source: https://s3.eu-central-1.amazonaws.com/mybucket/dummy.txt

Here is the bucket policy from S3:

{
    "Version": "2008-10-17",
    "Id": "BeanstalkS3",
    "Statement": [
        {
            "Sid": "e-123-123",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123123:role/aws-elasticbeanstalk-ec2-role"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::mybucket/resources/environments/logs/*"
        },
        {
            "Sid": "e-123-123",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123123:role/aws-elasticbeanstalk-ec2-role"
            },
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketVersions",
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket",
                "arn:aws:s3:::mybucket/*"
            ]
        }
    ]
}

Now, when I query the file with Node:

fs.readFileSync('/var/app/dummy.txt')

the log in EB says:

Error: ENOENT: no such file or directory, open '/var/app/dummy.txt'
    at Error (native)
    at Object.fs.openSync (fs.js:549:18)
    at Object.fs.readFileSync (fs.js:397:15)
    at /var/app/current/server.js:68:25
    at Layer.handle [as handle_request] (/var/app/current/node_modules/express/lib/router/layer.js:95:5)
    at next (/var/app/current/node_modules/express/lib/router/route.js:131:13)
    at Route.dispatch (/var/app/current/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/var/app/current/node_modules/express/lib/router/layer.js:95:5)
    at /var/app/current/node_modules/express/lib/router/index.js:277:22
    at Function.process_params (/var/app/current/node_modules/express/lib/router/index.js:330:12)
    at next (/var/app/current/node_modules/express/lib/router/index.js:271:10)
    at /var/app/current/server.js:52:3
    at Layer.handle [as handle_request] (/var/app/current/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/var/app/current/node_modules/express/lib/router/index.js:312:13)
    at /var/app/current/node_modules/express/lib/router/index.js:280:7
    at Function.process_params (/var/app/current/node_modules/express/lib/router/index.js:330:12)

Importantly, the aws-elasticbeanstalk-ec2-role role has the following policies:

  • AmazonS3FullAccess
  • AmazonDynamoDBFullAccess
  • AWSElasticBeanstalkWebTier
  • AmazonS3ReadOnlyAccess
  • AWSElasticBeanstalkMulticontainerDocker
  • AWSElasticBeanstalkWorkerTier
  • AWSCloudFormationReadOnlyAccess

This is a copy of the same question from Stack Overflow; I think this site is better suited for this question.
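
Added example, not part of the original question: a simplified Node.js check of what the bucket policy posted above grants to the instance role, useful for separating a policy problem from a file-delivery problem. It models only Effect, Principal.AWS, Action and Resource; the function names (`evaluate`, `patternToRegExp`, and so on) are hypothetical, and the policy is copied from the question with the Id and Sid fields left out.

```javascript
// Simplified bucket-policy evaluation (assumption: no Condition, NotAction,
// NotResource or identity-based policies are modelled).
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Convert an IAM pattern ("*" = any run of characters, "?" = one character) to a RegExp.
function patternToRegExp(pattern, flags = '') {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', flags);
}

function matchesAny(patterns, value, flags) {
  return asArray(patterns).some((p) => patternToRegExp(p, flags).test(value));
}

function principalMatches(principal, arn) {
  if (principal === '*') return true;
  return asArray(principal && principal.AWS).some((p) => p === '*' || p === arn);
}

// Returns "Deny", "Allow" or "NoMatch"; an explicit Deny always wins.
function evaluate(policy, principalArn, action, resourceArn) {
  let result = 'NoMatch';
  for (const st of asArray(policy.Statement)) {
    const hit =
      principalMatches(st.Principal, principalArn) &&
      matchesAny(st.Action, action, 'i') && // action names are case-insensitive
      matchesAny(st.Resource, resourceArn);
    if (!hit) continue;
    if (st.Effect === 'Deny') return 'Deny';
    if (st.Effect === 'Allow') result = 'Allow';
  }
  return result;
}

// The bucket policy from the question (account id and names as posted there).
const ROLE = 'arn:aws:iam::123123:role/aws-elasticbeanstalk-ec2-role';
const bucketPolicy = {
  Version: '2008-10-17',
  Statement: [
    { Effect: 'Allow', Principal: { AWS: ROLE }, Action: 's3:PutObject',
      Resource: 'arn:aws:s3:::mybucket/resources/environments/logs/*' },
    { Effect: 'Allow', Principal: { AWS: ROLE },
      Action: ['s3:ListBucket', 's3:ListBucketVersions', 's3:GetObject', 's3:GetObjectVersion'],
      Resource: ['arn:aws:s3:::mybucket', 'arn:aws:s3:::mybucket/*'] },
  ],
};
console.log(evaluate(bucketPolicy, ROLE, 's3:GetObject', 'arn:aws:s3:::mybucket/dummy.txt'));
console.log(evaluate(bucketPolicy, ROLE, 's3:PutObject', 'arn:aws:s3:::mybucket/dummy.txt'));
```

A "NoMatch" from the bucket policy is not a denial by itself: for a role in the same account, access can still come from the role's attached identity policies, which this sketch does not evaluate.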
