AWS DotNet SDK 错误:无法从 EC2 实例元数据服务获取 IAM 安全凭证

AWS DotNet SDK Error: Unable to get IAM security credentials from EC2 Instance Metadata Service(AWS DotNet SDK 错误:无法从 EC2 实例元数据服务获取 IAM 安全凭证)
本文介绍了AWS DotNet SDK 错误:无法从 EC2 实例元数据服务获取 IAM 安全凭证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我使用 这里 以便在 c# 代码中从 AWS SecretsManager 检索密钥.

I use an example from here in order to retreive a secret from AWS SecretsManager in c# code.

我已经通过 AWS CLI 在本地设置了凭证,并且我能够使用 AWS CLI 命令aws secretsmanager list-secrets"检索密钥列表.

I have set credentials locally via AWS CLI, and I am able to retreive secret list using AWS CLI command "aws secretsmanager list-secrets".

但是 c# 控制台应用程序失败并出现错误:

But c# console app fails with an error:

> Unhandled exception. System.AggregateException: One or more errors occurred. (Unable to get IAM security credentials from EC2 Instance Metadata Service.)
 ---> Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.FetchCredentials()
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentials()
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentialsAsync()
   at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext)
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at System.Threading.Tasks.Task`1.get_Result()
   at AWSConsoleApp2.GetSecretValueFirst.GetSecret() in D:WorkProjectsTrainingAWSConsoleApp2AWSConsoleApp2GetSecretValueFirst.cs:line 53
   at AWSConsoleApp2.Program.Main(String[] args) in D:WorkProjectsTrainingAWSConsoleApp2AWSConsoleApp2Program.cs:line 11

当我改变原来的构造函数调用时

When I change original constructor call

IAmazonSecretsManager 客户端 = 新 AmazonSecretsManagerClient();

IAmazonSecretsManager client = new AmazonSecretsManagerClient();

添加 AWSCredentials 类型的继承参数

with adding inherited parameter of type AWSCredentials

IAmazonSecretsManager 客户端 = new AmazonSecretsManagerClient(new StoredProfileAWSCredentials());

IAmazonSecretsManager client = new AmazonSecretsManagerClient(new StoredProfileAWSCredentials());

效果很好.

Class StoredProfileAWSCredentials 已过时,但可以使用它.我使用在其他机器上正常工作的库,我无法更改它们.

Class StoredProfileAWSCredentials is obsolete but it works to use it. I use libraries that work without errors on the other machines and I cannot change them.

我使用属于 Administrators 组并具有 SecretsMnager 完全访问权限的用户的凭据.C#代码中已正确设置区域,配置文件为默认值.

I use credentials for user that belongs to Administrators group and has full access to SecretsMnager. Region has set properly in c# code, profile is default.

有什么想法吗?感谢提前

Any ideas? Thanks for advance

推荐答案

我遇到了同样的问题,这是我在开发环境中解决的方法

I had the same issue, here is how I fixed it on my development environment

  1. 我使用适用于 Visual Studio 的 AWS 扩展创建了一个 AWS 配置文件
  2. 设置配置文件后,使用配置文件传递凭据,它对我来说很好

这里要注意,访问密钥管理器的用户配置文件应该有一个为密钥管理器分配的有效安全组.

Point to note here, the user profile accessing the key manager should have a valid security group assigned for the Secrets manager.

试试看,告诉我结果如何.

Try it out let me know, how it went.

这篇关于AWS DotNet SDK 错误:无法从 EC2 实例元数据服务获取 IAM 安全凭证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

相关文档推荐

The reference assemblies for framework .NETCore, Version=v5.0 were not found(未找到框架 .NETCore,Version=v5.0 的参考程序集)
Good-practices: How to reuse .csproj and .sln files to create your MSBuild script for CI?(良好实践:如何重用 .csproj 和 .sln 文件来为 CI 创建 MSBuild 脚本?)
Run an MSBuild target only if project is actually built(仅在实际构建项目时运行 MSBuild 目标)
Build project with Microsoft.Build API(使用 Microsoft.Build API 构建项目)
Add a msbuild task that runs after building a .NET Core project in Visual Studio 2017 RC(添加在 Visual Studio 2017 RC 中构建 .NET Core 项目后运行的 msbuild 任务)
Assembly binding error when building Office add-in: quot;FindRibbonsquot; task failed unexpectedly(构建 Office 加载项时的程序集绑定错误:“FindRibbons任务意外失败)