因此,我尝试使用 AWS CLI 列出帐户中的客户网关。问题是,我只能让它使用来自配置文件的凭证,而不能使用来自环境变量的凭证。
我知道我肯定在这里遗漏了一些简单的东西,但我无论如何也看不出是什么。
如果我使用在 ~/.aws/credentials 中定义的配置文件,则一切都正常:
$ aws sts get-caller-identity --profile devops-preprod-deploy
{
"UserId": "AROAT6IOCTARVOTPZB4CD:botocore-session-1576056489",
"Account": "123149340123",
"Arn": "arn:aws:sts::123149340123:assumed-role/pdapreprod-deployment-role/botocore-session-1576056489"
}
$ aws ec2 describe-customer-gateways --profile devops-preprod-deploy
{
"CustomerGateways": [
{
"BgpAsn": "65000",
"CustomerGatewayId": "cgw-0123851d01236295b",
"IpAddress": "123.58.165.123",
"State": "available",
"Type": "ipsec.1",
"Tags": [
{
"Key": "Name",
"Value": "Office"
}
]
}
]
}
如果我使用承担角色并将临时凭证放入环境中,它不起作用:
$ export AWS_ACCESS_KEY_ID="ASIBT6IOCTNRTS..."
$ export AWS_SECRET_ACCESS_KEY="rNFhltabK9Rfk69xj/2..."
$ export AWS_SESSION_TOKEN="FwoGZXIvYXdzELT///////..."
$ aws sts get-caller-identity
{
"UserId": "AROAT6IOCTARVOTPZB4CD:pdapreprod-deployment-role",
"Account": "123149340123",
"Arn": "arn:aws:sts::123149340123:assumed-role/pdapreprod-deployment-role/myname"
}
$ aws ec2 describe-customer-gateways
{
"CustomerGateways": []
}
我究竟做错了什么?
答案1
很可能您查询了错误的区域。有几种方法可以设置它:
作为 aws-cli 参数:
aws --region us-east-1 ec2 describe-customer-gateways
环境变量:
AWS_DEFAULT_PROFILE=us-east-1 aws ec2 describe-customer-gateways
在
~/.aws/config
:[default] region=us-east-1
希望有帮助:)