Closed sujithvs-dev closed 7 years ago
Are you specifying the IAM role in the environment via ARNs? If not, are you using the @ format for multi-account? (role@account_id). For cross-account you need to do one of the above, because otherwise metadataproxy will look for the role in its own account.
Additionally, for metadataproxy to access the role, it needs to be allowed to assume it in its own IAM policy, and the role to be assumed needs to allow the root account, or the specific role to assume it. Have you granted access to the role metadataproxy is using, using a policy document on the role to be assumed?
http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
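The setup described in the reply above, as an added example that is not part of the thread and is not metadataproxy's own code: it expands an `IAM_ROLE` value to an ARN, builds the two policy documents the reply mentions, and checks whether a trust policy names the proxy's role or its account root. The function names, the `metadataproxy` role name and both account IDs are assumptions made up for illustration.

```python
import re

ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/(.+)$")

def resolve_role_arn(iam_role, proxy_account):
    """Expand an IAM_ROLE value (ARN, name@account_id or bare name) to an ARN."""
    if ARN_RE.match(iam_role):
        return iam_role
    name, sep, account = iam_role.rpartition("@")
    if not sep:
        # A bare name carries no account, so it resolves in the proxy's own account.
        name, account = iam_role, proxy_account
    if not name or not re.fullmatch(r"\d{12}", account):
        raise ValueError("bad IAM_ROLE value: %r" % iam_role)
    return "arn:aws:iam::%s:role/%s" % (account, name)

def proxy_identity_policy(target_arn):
    """Policy for the proxy's own role: permission to assume the target role."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": target_arn}]}

def trust_policy(proxy_role_arn):
    """Trust policy for the role to be assumed: names the proxy's role."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": proxy_role_arn}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_allows(policy, proxy_role_arn):
    """True if an Allow statement trusts the proxy's role or its account root.
    Simplified: ignores Condition blocks, Deny statements and "*" principals."""
    account = ARN_RE.match(proxy_role_arn).group(1)
    accepted = {proxy_role_arn, "arn:aws:iam::%s:root" % account, account}
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        if accepted & set(_as_list(principal.get("AWS", []))):
            return True
    return False

# Constructed sample values: both account IDs are made up.
PROXY_ROLE = "arn:aws:iam::111111111111:role/metadataproxy"
TARGET = resolve_role_arn("r_cccContainerRole1@222222222222", "111111111111")
```
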
Thanks for your reply. This is fixed after specifying IAM_ROLE in "role@account_id" format.
I have one more issue: currently metadataproxy (running with host networking) and the other containers are running on the same host. Is it possible to use the same metadataproxy from other containers running on a different Docker host?
You should run a metadataproxy on every single host that's running docker. It's meant to act as a sidecar process that sits in front of the metadata service, and the metadata service is local to every host.
Thanks for your quick reply.
I have decided to go with a non-container approach for metadataproxy. I just cloned the repo, and while executing "pip install metadataproxy" I am getting the error below. Could you please help?
[root@dev-ccp-met-pxy-svs metadataproxy]# pwd
/srv/metadataproxy
[root@dev-ccc-met-pxy-svs metadataproxy]# ls
CHANGELOG.md Dockerfile.private entrypoint.sh LICENSE manifest.yaml metadataproxy.egg-info README.md requirements_wsgi.txt setup.cfg venv
Dockerfile docker_push.sh infra Makefile metadataproxy provision.sh requirements.txt run-server.sh setup.py wsgi.py
[root@dev-ccc-met-pxy-svs metadataproxy]# pip install metadataproxy
Collecting metadataproxy
Using cached metadataproxy-1.2.1.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-build-t4uhCj/metadataproxy/setup.py", line 19, in <module>
reqs = [str(ir.req) for ir in reqs_base]
File "/usr/lib/python2.7/site-packages/pip/req/req_file.py", line 84, in parse_requirements
filename, comes_from=comes_from, session=session
File "/usr/lib/python2.7/site-packages/pip/download.py", line 425, in get_file_content
'Could not open requirements file: %s' % str(exc)
pip.exceptions.InstallationError: Could not open requirements file: [Errno 2] No such file or directory: 'requirements.txt'
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-t4uhCj/metadataproxy/
[root@dev-ccc-met-pxy-svs metadataproxy]#
Doh! I must have broken something with the packaging.
Fixed in 1.2.5
It worked. Thanks!
We are getting the error below while using metadataproxy with cross-account access.
_GetRoleError: (404, 'An error occurred (NoSuchEntity) when calling the GetRole operation: Role not found for r_cccContainerRole1')
Please let us know how we can resolve this issue. Metadataproxy is running as a container in AWS.