Cannot access S3 from an EC2 instance in CloudFormation - A client error (301) occurred when calling the HeadObject operation: Moved Permanently

Problem description:

I am trying to download a file from an S3 bucket to an EC2 instance via the userdata property. However, I get the following error:

A client error (301) occurred when calling the HeadObject operation: Moved Permanently.

I am using an IAM role, a managed policy and an instance profile to give the instance access to the S3 bucket:

"Role": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ec2.amazonaws.com",
              "s3.amazonaws.com"
            ]
          },
          "Action": [
            "sts:AssumeRole"
          ]
        }
      ]
    },
    "Path": "/",
    "ManagedPolicyArns": [
      {
        "Ref": "ManagedPolicy"
      }
    ]
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "069d4411-2718-400f-98dd-529bb95fd531"
    }
  }
},
"RolePolicy": {
  "Type": "AWS::IAM::Policy",
  "Properties": {
    "PolicyName": "S3Download",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "s3:*"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::mybucket/*"
        }
      ]
    },
    "Roles": [
      {
        "Ref": "Role"
      }
    ]
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "babd8869-948c-4b8a-958d-b1bff9d3063b"
    }
  }
},
"InstanceProfile": {
  "Type": "AWS::IAM::InstanceProfile",
  "Properties": {
    "Path": "/",
    "Roles": [
      {
        "Ref": "Role"
      }
    ]
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "890c4df0-5d25-4f2c-b81e-05a8b8ab37c4"
    }
  }
},

I am trying to download the file in the userdata property with this line:

aws s3 cp s3://mybucket/login.keytab destination_directory/

Any ideas what is going wrong? I can download the file successfully if I make it public and then use wget from the command line, but for some reason cp cannot find the bucket/file when I use it, and the file cannot be publicly accessible.

Moved Permanently usually means you are being redirected to the object's location. This is usually because the request is being sent to an endpoint in a different region.

Add a --region parameter whose region matches the bucket's region. For example:

aws s3 cp s3://mybucket/login.keytab destination_directory/ --region ap-southeast-2 
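The same fix without hard-coding the region, as an added example that is not part of the question or the answer: the script asks S3 which region the bucket lives in and passes that to the copy. It assumes the AWS CLI is installed on the instance and that the instance role is allowed s3:GetBucketLocation on the bucket ARN itself (arn:aws:s3:::mybucket, no /*), which the policy in the question does not grant since it only covers objects; the bucket and key names are the question's.

```shell
#!/bin/sh
# Added example, not code from the question or the answer.
# Assumptions: AWS CLI present; instance role allows s3:GetBucketLocation on
# arn:aws:s3:::mybucket (bucket-level) and s3:GetObject on arn:aws:s3:::mybucket/*.

# Map the LocationConstraint value from get-bucket-location to a region name.
# Legacy values: empty, null or None means us-east-1; "EU" means eu-west-1.
normalize_bucket_region() {
  case "$1" in
    ""|null|None) echo "us-east-1" ;;
    EU)           echo "eu-west-1" ;;
    *)            echo "$1" ;;
  esac
}

# Ask S3 for the bucket's region (needs s3:GetBucketLocation on the bucket ARN).
# With --output text the CLI prints "None" for a null LocationConstraint.
bucket_region() {
  loc=$(aws s3api get-bucket-location --bucket "$1" \
          --query LocationConstraint --output text) || return 1
  normalize_bucket_region "$loc"
}

# Copy the object through the endpoint of the bucket's own region, so the CLI
# is not redirected (301 Moved Permanently) from a mismatched regional endpoint.
download_from_bucket() {
  bucket="$1"; key="$2"; dest="$3"
  region=$(bucket_region "$bucket") || return 1
  aws s3 cp "s3://$bucket/$key" "$dest" --region "$region"
}

# Usage from UserData (destination directory is a constructed example value):
# download_from_bucket mybucket login.keytab /etc/krb5/
```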

Thanks! That change did the trick.