"s3:CreateBucket Access Denied" on simple serverless deploy
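I am running into permission problems when trying to deploy a lambda with the Serverless Framework.
It actually does not work for a simple one (the example given in the QuickStart), and I have admin rights on AWS.
So I am wondering what I might be doing wrong.
As far as I understand, it might be linked to the permissions granted to CloudFormation, but I don't know how to set this up properly to make it run.
When trying
$ serverless deploy -v --region eu-west-1
I get the following error: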
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Creating Stack...
Serverless: Checking Stack create progress...
CloudFormation - CREATE_IN_PROGRESS - AWS::CloudFormation::Stack - slstest-dev
CloudFormation - CREATE_IN_PROGRESS - AWS::S3::Bucket - ServerlessDeploymentBucket
CloudFormation - CREATE_FAILED - AWS::S3::Bucket - ServerlessDeploymentBucket
CloudFormation - DELETE_IN_PROGRESS - AWS::CloudFormation::Stack - slstest-dev
CloudFormation - DELETE_COMPLETE - AWS::S3::Bucket - ServerlessDeploymentBucket
CloudFormation - DELETE_COMPLETE - AWS::CloudFormation::Stack - slstest-dev
Serverless: Operation failed!
Serverless: View the full error output: https://eu-west-1.console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stack/detail?stackId=arn%3Aaws%3Acloudformation%3Aeu-west-1%3A175264504000%3Astack%2Fslstest-dev%2Fa097e1b0-994a-11eb-b621-0ad1aa52c931
Serverless Error ----------------------------------------
An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied.
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: linux
Node Version: 14.16.0
Framework Version: 2.33.1
Plugin Version: 4.5.3
SDK Version: 4.2.2
Components Version: 3.8.1
I created a serverless service via
$ serverless
Serverless: No project detected. Do you want to create a new one? Yes
Serverless: What do you want to make? AWS Python
Serverless: What do you want to call this project? slstest
Project successfully created in 'slstest' folder.
You can monitor, troubleshoot, and test your new service with a free Serverless account.
Serverless: Would you like to enable this? No
You can run the “serverless” command again if you change your mind later.
$ cd slstest
This is my serverless.yml:
service: slstest
frameworkVersion: '2'
provider:
  name: aws
  runtime: python3.8
  lambdaHashingVersion: 20201221
functions:
  hello:
    handler: handler.hello
    events:
      - httpApi:
          path: /hello
          method: post
My ~/.aws/credentials file contains
[default]
aws_access_key_id=<key>
aws_secret_access_key=<secret>
which refers to an admin account.
Try running the same command with AWS_PROFILE=default serverless deploy -v --region eu-west-1
or serverless deploy -v --region eu-west-1 --aws-profile default
If it still doesn't work, verify with aws-cli that the access key you provided indeed has permission to create an S3 bucket.
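It turned out that the problem was that AWS required multi-factor authentication (MFA).
I solved it by
- writing a script able to dynamically generate an MFA-authenticated AWS profile using a given profile, the ARN identifying the MFA device and an MFA token,
- deploying using the created MFA-authenticated AWS profile.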
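One way to write the script the answer above describes, as an added example (not the poster's own script): it calls `aws sts get-session-token` with the MFA device ARN and token code, then stores the temporary credentials in a separate profile. The function name `make_mfa_profile`, the target profile name `mfa` and the one-hour lifetime are assumptions.

```sh
#!/bin/sh
# Added example: create a short-lived, MFA-authenticated AWS profile.
# Assumed names: make_mfa_profile, target profile "mfa", 1-hour lifetime.
set -eu

# usage: make_mfa_profile SOURCE_PROFILE MFA_DEVICE_ARN TOKEN_CODE [TARGET_PROFILE]
make_mfa_profile() {
  src=$1 serial=$2 code=$3 target=${4:-mfa}

  # Validate inputs locally before anything is sent to AWS.
  case $code in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "token code must be exactly 6 digits" >&2; return 2 ;;
  esac
  case $serial in
    arn:aws*:iam::*:mfa/*) ;;
    *) echo "expected the ARN of an MFA device" >&2; return 2 ;;
  esac

  # Exchange the long-lived key plus the MFA code for temporary credentials.
  creds=$(aws sts get-session-token \
    --profile "$src" --serial-number "$serial" --token-code "$code" \
    --duration-seconds 3600 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
    --output text) || return 1

  # --output text yields one whitespace-separated line; split it into fields.
  read -r key secret token expiry <<EOF
$creds
EOF
  [ -n "$key" ] && [ -n "$secret" ] && [ -n "$token" ] && [ -n "$expiry" ] || {
    echo "unexpected response from STS" >&2; return 1; }

  # Store the session in its own profile; the source profile is left untouched.
  aws configure set aws_access_key_id     "$key"    --profile "$target"
  aws configure set aws_secret_access_key "$secret" --profile "$target"
  aws configure set aws_session_token     "$token"  --profile "$target"
  unset creds key secret token
  echo "$expiry"
}

# Only act when called with arguments, e.g. from the command line.
if [ "$#" -ge 3 ]; then
  expires=$(make_mfa_profile "$@")
  echo "Profile '${4:-mfa}' valid until $expires"
  echo "Deploy with: serverless deploy -v --region eu-west-1 --aws-profile ${4:-mfa}"
fi
```

The temporary profile stops working at the printed expiry time, so the script has to be re-run with a fresh token code before later deployments.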