AWS The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256
Hallo Zusammen,
ich führe ein Skript aus welches, alle Ressourcen bei der Erstellung taggen soll:
Alles in EU-Central-1
Dieses Skript funktionieren teilweise .. Ich erstellte Probeweise eine EC2 Instanz und S3 Buckets. Die EC2 Instanz wurde getaggt ebenfalls der Bucket .. Nur wenn ich später nochmal welche erstellt habe wurde nur noch der Bucket getaggt. In den Logs fand ich dann folgendes:
2018-09-05T09:40:01.982Z 3a7ccde7-b0ef-11e8-a5d9-ed81f6459057 { [InvalidRequest: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.]
message: 'The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.',
code: 'InvalidRequest',
region: null,
time: Wed Sep 05 2018 09:40:01 GMT+0000 (UTC),
requestId: 'F3AAE4F8BBA1D952',
extendedRequestId: 'Jvj8W/xrZWW3zsGCqMclXCO5hbfI35VEWo5XDWilTNkqU+Wg2gSpDLsQ/rdLSrSqhIJ9O7ciSp8=',
cfId: undefined,
statusCode: 400,
retryable: false,
retryDelay: 27.57354755885899 }
Weiß jemand wieso es so "teilweise" funktioniert.
Viele Grüße,
Matze
ich führe ein Skript aus welches, alle Ressourcen bei der Erstellung taggen soll:
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Auto Tag (Open Source by GorillaStack)",
"Parameters" : {
"CodeS3Bucket" : {
"Description" : "The name of the code bucket in S3",
"Type" : "String",
"Default" : "gorillastack-autotag-releases-eu-central-1"
},
"CodeS3Path" : {
"Description" : "The path of the code zip file in the code bucket in S3",
"Type" : "String",
"Default" : "autotag-0.3.0.zip"
},
"CloudTrailBucketName" : {
"Description" : "The name you want to give the bucket for your CloudTrail logs",
"Type" : "String",
"Default": "my-cloudtrail-bucket"
}
},
"Mappings" : {
},
"Resources": {
"AutoTagExecutionRole" : {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/gorillastack/autotag/execution/"
}
},
"AutoTagLambdaFunction" : {
"Type" : "AWS::Lambda::Function",
"Properties" : {
"Code" : {
"S3Bucket": { "Ref" : "CodeS3Bucket" },
"S3Key": { "Ref" : "CodeS3Path" }
},
"Description" : "Auto Tag (Open Source by GorillaStack)",
"FunctionName" : "AutoTag",
"Handler" : "autotag.handler",
"Role" : { "Fn::GetAtt" : [ "AutoTagExecutionRole", "Arn" ] },
"Runtime" : "nodejs4.3",
"Timeout" : 30
}
},
"AutoTagMasterRole" : {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS" : { "Fn::GetAtt" : [ "AutoTagExecutionRole", "Arn" ] }
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/gorillastack/autotag/master/"
}
},
"AutoTagMasterPolicy" : {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "AutoTagMasterPolicy",
"Roles": [ { "Ref": "AutoTagMasterRole" } ],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketTagging",
"s3:PutBucketTagging",
"ec2:CreateTags",
"elasticloadbalancing:AddTags",
"autoscaling:CreateOrUpdateTags",
"rds:AddTagsToResource",
"elasticmapreduce:AddTags",
"datapipeline:AddTags"
],
"Resource": [
"*"
]
}
]
}
}
},
"AutoTagExecutionPolicy" : {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "AutoTagExecutionPolicy",
"Roles": [ { "Ref": "AutoTagExecutionRole" } ],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
{ "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref" : "CloudTrailBucketName" } ] ] },
{ "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref" : "CloudTrailBucketName" }, "/*" ] ] }
]
},
{
"Effect": "Allow",
"Action": [
"cloudformation:DescribeStackResource"
],
"Resource": [
{ "Fn::Join": [ "", [ "arn:aws:cloudformation:", { "Ref" : "AWS::Region" }, ":", { "Ref" : "AWS::AccountId" }, ":stack/autotag/*" ] ] }
]
},
{
"Effect": "Allow",
"Action": [
"sts:*"
],
"Resource": [
{ "Fn::GetAtt" : [ "AutoTagMasterRole", "Arn" ] }
]
}
]
}
}
},
"TriggerLambdaPermission": {
"Type" : "AWS::Lambda::Permission",
"DependsOn" : "AutoTagLambdaFunction",
"Properties" : {
"Action" : "lambda:InvokeFunction",
"FunctionName" : { "Fn::GetAtt" : [ "AutoTagLambdaFunction", "Arn" ] },
"Principal" : "s3.amazonaws.com",
"SourceAccount": { "Ref" : "AWS::AccountId" },
"SourceArn": { "Fn::Join" : [ "", [ "arn:aws:s3:::", { "Ref" : "CloudTrailBucketName" } ] ] }
}
},
"BucketPolicy" : {
"Type" : "AWS::S3::BucketPolicy",
"DependsOn": "CloudTrailS3Bucket",
"Properties" : {
"Bucket" : { "Ref" : "CloudTrailS3Bucket" },
"PolicyDocument" : {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSCloudTrailAclCheck",
"Effect": "Allow",
"Principal": { "Service" : "cloudtrail.amazonaws.com"},
"Action": "s3:GetBucketAcl",
"Resource": { "Fn::Join" : [ "", [ "arn:aws:s3:::", { "Ref" : "CloudTrailBucketName" } ] ] }
},
{
"Sid": "AWSCloudTrailWrite",
"Effect": "Allow",
"Principal": { "Service":"cloudtrail.amazonaws.com" },
"Action": "s3:PutObject",
"Resource": { "Fn::Join" : [ "", [ "arn:aws:s3:::", { "Ref" : "CloudTrailBucketName"}, "/AWSLogs/", { "Ref":"AWS::AccountId" }, "/*" ] ] },
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}
}
},
"CloudTrailS3Bucket" : {
"DependsOn" : "TriggerLambdaPermission",
"Type" : "AWS::S3::Bucket",
"Properties" : {
"BucketName" : { "Ref" : "CloudTrailBucketName" },
"NotificationConfiguration" : {
"LambdaConfigurations" : [
{
"Event" : "s3:ObjectCreated:*",
"Function" : { "Fn::GetAtt" : [ "AutoTagLambdaFunction", "Arn" ] }
}
]
}
}
},
"CloudTrail" : {
"DependsOn": "BucketPolicy",
"Type" : "AWS::CloudTrail::Trail",
"Properties" : {
"IsLogging" : true,
"IncludeGlobalServiceEvents": true,
"IsMultiRegionTrail" : true,
"S3BucketName" : { "Ref" : "CloudTrailBucketName" }
}
}
}
}
Alles in EU-Central-1
Dieses Skript funktionieren teilweise .. Ich erstellte Probeweise eine EC2 Instanz und S3 Buckets. Die EC2 Instanz wurde getaggt ebenfalls der Bucket .. Nur wenn ich später nochmal welche erstellt habe wurde nur noch der Bucket getaggt. In den Logs fand ich dann folgendes:
2018-09-05T09:40:01.982Z 3a7ccde7-b0ef-11e8-a5d9-ed81f6459057 { [InvalidRequest: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.]
message: 'The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.',
code: 'InvalidRequest',
region: null,
time: Wed Sep 05 2018 09:40:01 GMT+0000 (UTC),
requestId: 'F3AAE4F8BBA1D952',
extendedRequestId: 'Jvj8W/xrZWW3zsGCqMclXCO5hbfI35VEWo5XDWilTNkqU+Wg2gSpDLsQ/rdLSrSqhIJ9O7ciSp8=',
cfId: undefined,
statusCode: 400,
retryable: false,
retryDelay: 27.57354755885899 }
Weiß jemand wieso es so "teilweise" funktioniert.
Viele Grüße,
Matze
Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 385503
Url: https://administrator.de/forum/aws-the-authorization-mechanism-you-have-provided-is-not-supported-please-use-aws4-hmac-sha256-385503.html
Ausgedruckt am: 23.12.2024 um 18:12 Uhr
3 Kommentare
Neuester Kommentar
10 Sekunden Google: Lösung bei Stackoverflow