amazon-ec2 - 使用 EC2 IAM 角色的 Boto 间歇性“无法加载凭证”
问题描述
我使用 Elastic Beanstalk 环境来部署 Web 应用程序,并为将运行应用程序的实例设置了 IAM 角色。
99.99% 的时间里,一切都完美无缺,但是我会间歇性地在我们的日志中看到错误,请求失败显示如下 botocore 错误:
File "/opt/python/run/venv/local/lib/python3.6/site-packages/boto3/resources/factory.py", line 339, in property_loader
self.load()
File "/opt/python/run/venv/local/lib/python3.6/site-packages/boto3/resources/factory.py", line 505, in do_action
response = action(self, *args, **kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/boto3/resources/action.py", line 83, in __call__
response = getattr(parent.meta.client, operation_name)(**params)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/client.py", line 648, in _make_api_call
operation_model, request_dict, request_context)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/client.py", line 667, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/endpoint.py", line 102, in make_request
return self._send_request(request_dict, operation_model)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/endpoint.py", line 132, in _send_request
request = self.create_request(request_dict, operation_model)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/endpoint.py", line 116, in create_request
operation_name=operation_model.name)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/hooks.py", line 356, in emit
return self._emitter.emit(aliased_event_name, **kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/hooks.py", line 228, in emit
return self._emit(event_name, kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/hooks.py", line 211, in _emit
response = handler(**kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/signers.py", line 90, in handler
return self.sign(operation_name, request)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/signers.py", line 157, in sign
auth.add_auth(request)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/auth.py", line 357, in add_auth
raise NoCredentialsError
tocore.exceptions.NoCredentialsError: Unable to locate credentials
我不知道这是否只是 IAM 凭证被轮换(或类似的东西)并且实例的 boto 客户端正在尝试使用它们的竞争条件。
有关补救此问题或优雅处理此故障的任何提示?
附言
boto3==1.9.75
botocore==1.12.239
python==3.6.8
解决方案
我们有同样的问题。我在 botocore repo Intermittent NoCredentialsError('Unable to locate credentials') error #1965中打开了一个问题
我们现在使用的解决方法是通过错误装饰器重试进行重试。到目前为止,它有效。
推荐阅读
- c# - 未知事件 DropGesture
- reactjs - 我们还需要用反应钩子状态做浅/深复制吗?
- c# - 使用泛型进行 C# 子类化:我需要一个额外的 ctor 泛型参数,但是如何实现?
- freeradius - Acct-Input-Octets 未知模块
- python-3.x - VS Code 不支持配置的调试类型“python”
- python - 如何在 PyCharm 中导入 .pgn 数据?
- r - 如何生成多个虚拟变量?
- f# - Fable 与 EventTarget 的语法混淆
- modelica - Modelica中图形项的常用定义
- php - 如何让 /bin/bash 在 Composer 中运行所需的 php 版本?