2

在 us-east-1 的 ec2 实例上运行,我无法让 boto 使用 IAM 进行身份验证。AMI 是最近的 Amazon linux。

$ python
Python 2.6.8 (unknown, Mar 14 2013, 09:31:22) 
[GCC 4.6.2 20111027 (Red Hat 4.6.2-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import boto
>>> boto.__version__
'2.13.3'
>>> c = boto.connect_s3()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.6/site-packages/boto/__init__.py", line 135, in connect_s3
    return S3Connection(aws_access_key_id, aws_secret_access_key, **kwargs)
  File "/usr/lib/python2.6/site-packages/boto/s3/connection.py", line 174, in __init__
    validate_certs=validate_certs)
  File "/usr/lib/python2.6/site-packages/boto/connection.py", line 557, in __init__
    host, config, self.provider, self._required_auth_capability())
  File "/usr/lib/python2.6/site-packages/boto/auth.py", line 728, in get_auth_handler
    'Check your credentials' % (len(names), str(names)))
boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV1Handler'] Check your credentials

感谢https://github.com/boto/boto/pull/1175我能够获得更多信息。显然它正在尝试使用 IAM,但失败了。

>>> import os
>>> boto.set_stream_logger('boto')
>>> c = boto.connect_s3()
2013-09-26 21:52:11,685 boto [DEBUG]:Retrieving credentials from metadata server.
2013-09-26 21:52:11,688 boto [ERROR]:Caught exception reading instance data
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/boto/utils.py", line 211, in retry_url
    r = opener.open(req)
  File "/usr/lib64/python2.6/urllib2.py", line 397, in open
    response = meth(req, response)
  File "/usr/lib64/python2.6/urllib2.py", line 510, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.6/urllib2.py", line 435, in error
    return self._call_chain(*args)
  File "/usr/lib64/python2.6/urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.6/urllib2.py", line 518, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
HTTPError: HTTP Error 404: Not Found
2013-09-26 21:52:11,725 boto [ERROR]:Unable to read instance data, giving up

一个快速的 tcpdump 同意: boto 连接到instance-data.ec2.internalwithGET /latest/meta-data/iam/security-credentials/然后接收404 Not Found. 这似乎是第一个也是唯一一个 HTTP 请求。到目前为止,我还没有找到任何关于类似问题的报告,但也许 boto 应该在该GET请求路径的末尾提供一个角色名称?

有人看到我做错了什么吗?我该如何调试这个问题?

4

1 回答 1

2 
boto.exception.NoAuthHandlerFound: [...] Check your credentials

当您使用 IAM 时,您必须确保您对 S3 有足够的权限,即通过将策略附加到Amazon S3 Full Access您的用户。

于 2014-01-16T12:36:55.163 回答