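Here is the setup:
There is a master-worker architecture, which is being orchestrated with Ansible from the master. The code that creates the workers is as follows: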
- name: Provisioning Spot instances
  ec2:
    assign_public_ip: no
    spot_price: "{{ ondemand4_price }}"
    spot_wait_timeout: 300
    # Temporary STS credentials used only for the provisioning API call
    aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
    aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
    security_token: "{{ assumed_role.sts_creds.session_token }}"
    region: "{{ aws_region }}"
    image: "{{ image_instance }}"
    instance_type: "{{ large_instance }}"
    key_name: "{{ ssh_keyname }}"
    count: "{{ ninstances }}"
    state: present
    group_id: "{{ priv_sg }}"
    vpc_subnet_id: "{{ subnet_id }}"
    # Instance profile (role) attached to each worker
    instance_profile_name: 'ML-Ansible'
    wait: true
    instance_tags:
      Name: Worker
    #delete_on_termination: yes
  register: ec2
  ignore_errors: True
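So the worker instances are created with the profile name (/role) 'ML-Ansible', which contains all the necessary permissions.
However, when trying to execute an AWS shell command (aws cloudwatch put-metric-data ...), it returns the following error: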
"stderr": "\nAn error occurred (InvalidClientTokenId) when calling the PutMetricData operation: The security token included in the request is invalid.",
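We recently rotated all our credentials. So we have a new set of aws_access_key_id and aws_secret_access_key.
So, when I look at the ~/.aws/credentials file, it contains the previous set of credentials, even though the Ansible file was run today.
Why is this happening?
Does the corresponding IAM profile also need any changes?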
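
An added example, not part of the original question: the AWS CLI and boto3 consult environment variables and the shared credentials file before the EC2 instance profile, so static keys left on a worker are used in place of the attached role. This check lists such sources on a host; the function names and the sample credentials file are constructed for illustration.

```python
import configparser
import os
import tempfile


def shadowing_sources(env, credentials_path):
    """List static credential sources that are consulted before the EC2
    instance profile, in lookup order (environment, then shared file)."""
    found = []
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        found.append(("environment variables", env["AWS_ACCESS_KEY_ID"]))
    profile = env.get("AWS_PROFILE", "default")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(credentials_path)  # a missing file simply yields no sections
    if parser.has_section(profile) and parser.has_option(profile, "aws_access_key_id"):
        found.append((f"{credentials_path} [{profile}]",
                      parser.get(profile, "aws_access_key_id")))
    return found


def mask(key_id):
    """Show only enough of the key id to match it against the IAM console."""
    return key_id[:4] + "..." + key_id[-4:]


def report(env, credentials_path):
    """Say which credential source a CLI call on this host would pick up."""
    sources = shadowing_sources(env, credentials_path)
    if not sources:
        return "no static keys found: the instance profile role is used"
    name, key_id = sources[0]
    return f"key {mask(key_id)} from {name} is used instead of the instance profile"


if __name__ == "__main__":
    # Constructed sample: a credentials file left behind on a worker image.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials")
        with open(path, "w") as fh:
            fh.write("[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                     "aws_secret_access_key = constructed-placeholder\n")
        print(report({}, path))
    # On a real host: report(os.environ, os.path.expanduser("~/.aws/credentials"))
```

On the worker itself, `aws configure list` shows the same information in its Type column for the access key and secret key.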