“aws ec2 describe-customer-gateways” 忽略环境凭证

“aws ec2 describe-customer-gateways” 忽略环境凭证

因此,我尝试使用 AWS CLI 列出帐户中的客户网关。问题是,我只能让它使用来自配置文件的凭证,而不能使用来自环境变量的凭证。

我知道我肯定在这里遗漏了一些简单的东西,但我无论如何也看不出是什么。

如果我使用在 ~/.aws/credentials 中定义的配置文件,则一切都正常:

$ aws sts get-caller-identity --profile devops-preprod-deploy
{
    "UserId": "AROAT6IOCTARVOTPZB4CD:botocore-session-1576056489",
    "Account": "123149340123",
    "Arn": "arn:aws:sts::123149340123:assumed-role/pdapreprod-deployment-role/botocore-session-1576056489"
}

$ aws ec2 describe-customer-gateways --profile devops-preprod-deploy
{
    "CustomerGateways": [
        {
            "BgpAsn": "65000",
            "CustomerGatewayId": "cgw-0123851d01236295b",
            "IpAddress": "123.58.165.123",
            "State": "available",
            "Type": "ipsec.1",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Office"
                }
            ]
        }
    ]
}

如果我使用承担角色并将临时凭证放入环境中,它不起作用:

$ export AWS_ACCESS_KEY_ID="ASIBT6IOCTNRTS..."
$ export AWS_SECRET_ACCESS_KEY="rNFhltabK9Rfk69xj/2..."
$ export AWS_SESSION_TOKEN="FwoGZXIvYXdzELT///////..."
$ aws sts get-caller-identity
{
    "UserId": "AROAT6IOCTARVOTPZB4CD:pdapreprod-deployment-role",
    "Account": "123149340123",
    "Arn": "arn:aws:sts::123149340123:assumed-role/pdapreprod-deployment-role/myname"
}

$ aws ec2 describe-customer-gateways
{
    "CustomerGateways": []
}

我究竟做错了什么?

答案1

很可能您查询了错误的区域。有几种方法可以设置它:

  1. 作为 aws-cli 参数:

    aws --region us-east-1 ec2 describe-customer-gateways
    
  2. 环境变量:

    AWS_DEFAULT_PROFILE=us-east-1
    aws ec2 describe-customer-gateways
    
  3. ~/.aws/config

    [default]
    region=us-east-1
    

希望有帮助:)

相关内容