时间戳

首页 > 解决方案 > 使用 EC2 IAM 角色的 Boto 间歇性“无法加载凭证”

amazon-ec2 - 使用 EC2 IAM 角色的 Boto 间歇性“无法加载凭证”

问题描述

我使用 Elastic Beanstalk 环境来部署 Web 应用程序,并为将运行应用程序的实例设置了 IAM 角色。

99.99% 的时间里,一切都完美无缺,但是我会间歇性地在我们的日志中看到错误,请求失败显示如下 botocore 错误:

File "/opt/python/run/venv/local/lib/python3.6/site-packages/boto3/resources/factory.py", line 339, in property_loader
  self.load()
File "/opt/python/run/venv/local/lib/python3.6/site-packages/boto3/resources/factory.py", line 505, in do_action
  response = action(self, *args, **kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/boto3/resources/action.py", line 83, in __call__
  response = getattr(parent.meta.client, operation_name)(**params)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/client.py", line 357, in _api_call
  return self._make_api_call(operation_name, kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/client.py", line 648, in _make_api_call
  operation_model, request_dict, request_context)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/client.py", line 667, in _make_request
  return self._endpoint.make_request(operation_model, request_dict)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/endpoint.py", line 102, in make_request
  return self._send_request(request_dict, operation_model)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/endpoint.py", line 132, in _send_request
  request = self.create_request(request_dict, operation_model)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/endpoint.py", line 116, in create_request
  operation_name=operation_model.name)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/hooks.py", line 356, in emit
  return self._emitter.emit(aliased_event_name, **kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/hooks.py", line 228, in emit
  return self._emit(event_name, kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/hooks.py", line 211, in _emit
  response = handler(**kwargs)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/signers.py", line 90, in handler
  return self.sign(operation_name, request)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/signers.py", line 157, in sign
  auth.add_auth(request)
File "/opt/python/run/venv/local/lib/python3.6/site-packages/botocore/auth.py", line 357, in add_auth
  raise NoCredentialsError
tocore.exceptions.NoCredentialsError: Unable to locate credentials

我不知道这是否只是 IAM 凭证被轮换(或类似的东西)并且实例的 boto 客户端正在尝试使用它们的竞争条件。

有关补救此问题或优雅处理此故障的任何提示?

附言

boto3==1.9.75
botocore==1.12.239
python==3.6.8

标签: amazon-ec2boto3amazon-iamamazon-elastic-beanstalkbotocore

解决方案

我们有同样的问题。我在 botocore repo Intermittent NoCredentialsError('Unable to locate credentials') error #1965中打开了一个问题

我们现在使用的解决方法是通过错误装饰器重试进行重试。到目前为止,它有效。

推荐阅读