Question
We have a Node service (V8.15.1) deployed on AWS EC2 containers using ECS. We have AWS_ACCESS_KEY set up in the environment, and a role is also mapped to the EC2 instances. I am supposed to use the EC2 instance role to access AWS SSM. So, I tried the below:
AWS.config.credentials = new AWS.EC2MetadataCredentials();
and tried to read a parameter from SSM. I get the below error:
{
"msg": "User: arn:aws:sts::AccountID:assumed-role/role-name/i-*****92a is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:resource_id:parameter/parame_id"
}
Please note the i-*****92a (instance ID in the role name), which I think doesn't let me access the SSM parameter, because the actual role name is without the instance ID in it.
Expected: It should have resulted in the actual role name without the instance ID appended.
Answer 1:
We figured out that it is normal behaviour. The issue was that one of the parameter names set was wrong in SSM, and hence this role was not able to read it.
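Added example, not part of the original question or answer: a small Node helper that takes an AccessDenied message like the one above, splits the assumed-role ARN into role name and session name (for EC2 instance-role credentials the session name is the instance ID), and checks the requested parameter ARN against the Resource patterns of the role's policy. The account ID, role name, instance ID, parameter names and policy patterns are constructed sample values, and the function names are hypothetical.

```javascript
// Constructed sample data (not from the original post).
const SAMPLE_MSG =
  'User: arn:aws:sts::123456789012:assumed-role/app-role/i-0abc1234def567890 ' +
  'is not authorized to perform: ssm:GetParameter on resource: ' +
  'arn:aws:ssm:us-east-1:123456789012:parameter/prod/db_pasword';
// Hypothetical Resource entries from the role's IAM policy.
const SAMPLE_POLICY_RESOURCES = [
  'arn:aws:ssm:us-east-1:123456789012:parameter/prod/db_password',
  'arn:aws:ssm:us-east-1:123456789012:parameter/prod/app/*',
];

// arn:<partition>:sts::<account>:assumed-role/<role-name>/<session-name>
function parseAssumedRoleArn(arn) {
  const m = /^arn:([^:]+):sts::(\d{12}):assumed-role\/([^/]+)\/([^/]+)$/.exec(arn);
  if (!m) return null;
  return { partition: m[1], accountId: m[2], roleName: m[3], sessionName: m[4] };
}

// Pull principal, action and resource out of the AccessDenied text.
function parseAccessDenied(msg) {
  const m = /^User: (\S+) is not authorized to perform: (\S+) on resource: (\S+)/.exec(msg);
  if (!m) return null;
  return { principal: parseAssumedRoleArn(m[1]), action: m[2], resource: m[3] };
}

// IAM-style wildcard match: '*' is any run of characters, '?' is one character.
function iamMatch(pattern, value) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${re}$`).test(value);
}

function diagnose(msg, allowedResources) {
  const d = parseAccessDenied(msg);
  if (!d || !d.principal) return null;
  return {
    roleName: d.principal.roleName,
    // The trailing ARN segment is the session name, not part of the role name.
    sessionIsInstanceId: /^i-[0-9a-f]+$/.test(d.principal.sessionName),
    requested: d.resource,
    // false means the requested name matches nothing the role is allowed to read.
    coveredByPolicy: allowedResources.some((p) => iamMatch(p, d.resource)),
  };
}

console.log(diagnose(SAMPLE_MSG, SAMPLE_POLICY_RESOURCES));
```

When sessionIsInstanceId is true and coveredByPolicy is false, the credentials resolved to the expected role and the thing to check is the parameter name itself.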
Source: https://stackoverflow.com/questions/57686244/why-aws-ec2metadatacredentials-giving-wrong-role