连接到S3

连接到S3

关注
发信
关注(28)粉丝(399)

boto3无法从以AWS批处理方式运行的Docker容器连接到S3

本文介绍了boto3无法从以AWS批处理方式运行的Docker容器连接到S3的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试启动存储在ECR中的Docker容器作为AWS批处理作业.该容器的入口点python脚本尝试连接到S3并下载文件.我已经将AmazonS3FullAccess的角色附加到了计算环境中的AWSBatchServiceRole上,并且还已经将AmazonS3FullAccess的角色附加了了计算资源.

I am attempting to launch a Docker container stored in ECR as an AWS batch job. The entrypoint python script of this container attempts to connect to S3 and download a file.I have attached a role with AmazonS3FullAccess to both the AWSBatchServiceRole in the compute environment and I have also attached a role with AmazonS3FullAccess to the compute resources.

这是正在记录以下错误:botocore.exceptions.ConnectTimeoutError: Connect timeout on endpoint URL: "https://s3.amazonaws.com/"

This is the following error that is being logged: botocore.exceptions.ConnectTimeoutError: Connect timeout on endpoint URL: "https://s3.amazonaws.com/"

这些实例有可能在自定义VPC(而不是默认VPC)中启动.我不确定是否会有所作为,但这也许是问题的一部分.我没有适当的检查权限.我已经在同一VPC上启动的EC2实例上测试了此Docker映像,并且一切正常.

There is a chance that these instances are being launched in a custom VPC, not the default VPC. I'm not sure this makes a difference, but maybe that is part of the problem. I do not have appropriate access to check. I have tested this Docker image on an EC2 instance launched in the same VPC and everything works as expected.

推荐答案

您提到了计算环境和计算资源.您是否已按照Job Role >这里?

You mentioned compute environment and compute resources. Did you add this S3 policy to the Job Role as mentioned here?

  1. 在任务定义中为您的任务指定IAM角色.您可以创建新的任务定义或现有任务定义的新修订版,并指定以前创建的角色.如果使用控制台创建任务定义,请在任务角色"字段中选择您的IAM角色.如果您使用AWS CLI或SDK,请使用taskRoleArn参数指定任务角色ARN.有关更多信息,请参见创建任务定义.

  1. Specify an IAM role for your tasks in the task definition. You can create a new task definition or a new revision of an existing task definition and specify the role you created previously. If you use the console to create your task definition, choose your IAM role in the Task Role field. If you use the AWS CLI or SDKs, specify your task role ARN using the taskRoleArn parameter. For more information, see Creating a Task Definition.

在运行任务时指定IAM任务角色替代.您可以在运行任务时指定IAM任务角色替代.如果使用控制台运行任务,请选择高级选项",然后在任务角色"字段中选择IAM角色.如果您使用AWS CLI或SDK,请使用覆盖JSON对象中的taskRoleArn参数指定任务角色ARN.有关更多信息,请参阅运行任务.

Specify an IAM task role override when running a task. You can specify an IAM task role override when running a task. If you use the console to run your task, choose Advanced Options and then choose your IAM role in the Task Role field. If you use the AWS CLI or SDKs, specify your task role ARN using the taskRoleArn parameter in the overrides JSON object. For more information, see Running Tasks.

这篇关于boto3无法从以AWS批处理方式运行的Docker容器连接到S3的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-12 19:11
Powered by LMLPHP ©2024 连接到S3 0.042599