AWS Beanstalk Worker can't start SQS daemon aw

2019-08-31 04:41发布

问题:

My target is using AWS Beanstalk, create application environment type 'Worker' which will handle heavy loading tasks, this worker based on our Rails application. I create AWS Beanstalk Worker Environment: Environment tier: Ruby, 1.9.3 on 64bit Amazon Linux Environment type: single instance (i did try 64bit Amazon Linux 2014.03 v1.0.3 running Ruby 2.0 (Puma) with same failed result)

After solving all issues with GEMS and database connection, i stuck on starting "aws-sqs" Queue client. It should listen Queue and do HTTP requests to Worker application. I've provide AWS_ACCESS_KEY_ID and AWS_SECRET_KEY to ENV variables for this Worker instance:

$ export | grep AWS
declare -x AWS_ACCESS_KEY_ID="AK...........Q"
declare -x AWS_AUTO_SCALING_HOME="/opt/aws/apitools/as"
declare -x AWS_CLOUDWATCH_HOME="/opt/aws/apitools/mon"
declare -x AWS_ELB_HOME="/opt/aws/apitools/elb"
declare -x AWS_IAM_HOME="/opt/aws/apitools/iam"
declare -x AWS_PATH="/opt/aws"
declare -x AWS_RDS_HOME="/opt/aws/apitools/rds"
declare -x AWS_SECRET_KEY="Hp.....fI"
declare -x EB_CONFIG_SYSTEM_AWSEBAGENTID=""
declare -x EB_CONFIG_SYSTEM_AWSEBREFERRERID=""

Here is log output:

2014-05-19T13:58:59Z init: initializing aws-sqsd 1.0 (2013-12-23)
2014-05-19T13:58:59Z start: polling https://sqs.us-east-1.amazonaws.com/201266939336/awseb-e-dq8cqaud2z-stack-AWSEBWorkerQueue-18836XBBHNDUD
2014-05-19T13:58:59Z fatal: AWS::Errors::MissingCredentialsError: 
Missing Credentials.

Unable to find AWS credentials.  You can configure your AWS credentials
a few different ways:

* Call AWS.config with :access_key_id and :secret_access_key

<<<

* On EC2 you can run instances with an IAM instance profile and credentials
  will be auto loaded from the instance metadata service on those
  instances.

* Call AWS.config with :credential_provider.  A credential provider should
  either include AWS::Core::CredentialProviders::Provider or respond to
  the same public methods.

= Ruby on Rails

In a Ruby on Rails application you may also specify your credentials in
the following ways:

* Via a config initializer script using any of the methods mentioned above
  (e.g. RAILS_ROOT/config/initializers/aws-sdk.rb).

* Via a yaml configuration file located at RAILS_ROOT/config/aws.yml.
  This file should be formated like the default RAILS_ROOT/config/database.yml
  file.

Also i have config/initializers/aws-sdk.rb in my Rails application with this content:

AWS.config(
    access_key_id: ENV["AWS_ACCESS_KEY_ID"],
    secret_access_key: ENV["AWS_SECRET_ACCESS_KEY"])

Daemon aws-sqs don't started at all. May i have chance to configure aws-sqs in some other way?

回答1:

Perhaps the instance profile you are using for your Elastic Beanstalk does not have the permissions needed for worker environments.

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.roles.aeb.html#AWSHowTo.iam.policies.actions.worker

Can you make sure your IAM Instance profile has all permissions listed in the link above? (Copied below for reference)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "QueueAccess",
      "Action": [
        "sqs:ChangeMessageVisibility",
        "sqs:DeleteMessage",
        "sqs:ReceiveMessage"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "MetricsAccess",
      "Action": [
        "cloudwatch:PutMetricData"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}