amazon-web-services - AWS ASG error: State transition reason Server.InternalError

Tags: amazon-web-services amazon-ec2 aws-cloudformation aws-auto-scaling

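Error: State transition reason: Server.InternalError Client.InternalError: Client error on launch

Launching an instance from the launch template works fine, but if I use an ASG with the launch template, I get the above error on the EC2 instance.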


KMS key policy used for EBS

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::xxxxxxx:root"
            },
            "Action": "kms:*",
            "Resource": "*"
        },
        {
            "Sid": "Allow administration of the key",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::xxxxxxx:role/core-CloudformationStackAdmin",
                    "arn:aws:iam::xxxxxxx:root",
                    "arn:aws:iam::xxxxxxx:role/core-ServiceCatalogLaunchAdmin",
                    "arn:aws:iam::xxxxxxx:role/core-AccountAdmin=fGLB@000"
                ]
            },
            "Action": [
                "kms:Create*",
                "kms:Describe*",
                "kms:Enable*",
                "kms:List*",
                "kms:Put*",
                "kms:Update*",
                "kms:Revoke*",
                "kms:Disable*",
                "kms:Get*",
                "kms:Delete*",
                "kms:ScheduleKeyDeletion",
                "kms:CancelKeyDeletion"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Allow use of the key",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::xxxxxxx:role/core-CloudformationStackAdmin",
                    "arn:aws:iam::xxxxxxx:root",
                    "arn:aws:iam::xxxxxxx:role/core-ServiceCatalogLaunchAdmin",
                    "arn:aws:iam::xxxxxxx:role/core-AccountAdmin=fGLB@I+000"
                ]
            },
            "Action": [
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:Decrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey",
                "kms:GenerateDataKeyWithoutPlaintext"
            ],
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "kms:GrantIsForAWSResource": "true"
                }
            }
        },
        {
            "Sid": "Allow attachment of persistent resources",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::xxxxxxx:role/core-CloudformationStackAdmin",
                    "arn:aws:iam::xxxxxxx:root",
                    "arn:aws:iam::xxxxxxx:role/core-ServiceCatalogLaunchAdmin",
                    "arn:aws:iam::xxxxxxx:role/core-AccountAdmin=fGLB@000"
                ]
            },
            "Action": [
                "kms:CreateGrant",
                "kms:ListGrants",
                "kms:RevokeGrant"
            ],
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "kms:GrantIsForAWSResource": "true"
                }
            }
        },
        {
            "Sid": "Allow use of the key for Cloudwatch Log Groups Encryption",
            "Effect": "Allow",
            "Principal": {
                "Service": "logs.eu-west-1.amazonaws.com"
            },
            "Action": [
                "kms:Encrypt*",
                "kms:Decrypt*",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*",
                "kms:Describe*"
            ],
            "Resource": "*",
            "Condition": {
                "ArnEquals": {
                    "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:eu-west-1:xxxxxxxx:log-group:*"
                }
            }
        }
    ]
}

Output for the instance:

 {
        "Reservations": [
            {
                "Instances": [
                    {
                        "Monitoring": {
                            "State": "pending"
                        },
                        "PublicDnsName": "",
                        "StateReason": {
                            "Message": "Client.InternalError: Client error on launch",
                            "Code": "Client.InternalError"
                        },
                        "State": {
                            "Code": 48,
                            "Name": "terminated"
                        },
                        "EbsOptimized": true,
                        "LaunchTime": "2021-11-08T11:38:29.000Z",
                        "ProductCodes": [],
                        "CpuOptions": {
                            "CoreCount": 8,
                            "ThreadsPerCore": 2
                        },
                        "StateTransitionReason": "Server.InternalError",
                        "InstanceId": "i-0a266c694eb414f70",
                        "EnaSupport": true,
                        "ImageId": "ami-0ed588d6f749dcf28",
                        "PrivateDnsName": "",
                        "SecurityGroups": [],
                        "ClientToken": "2c45f3fd-5ea9-acd3-d703-c39a55955c94",
                        "InstanceType": "m5.4xlarge",
                        "CapacityReservationSpecification": {
                            "CapacityReservationPreference": "open"
                        },
                        "NetworkInterfaces": [],
                        "Placement": {
                            "Tenancy": "default",
                            "GroupName": "",
                            "AvailabilityZone": "eu-west-1a"
                        },
                        "Hypervisor": "xen",
                        "BlockDeviceMappings": [],
                        "Architecture": "x86_64",
                        "RootDeviceType": "ebs",
                        "RootDeviceName": "/dev/sda1",
                        "VirtualizationType": "hvm",
                        "Tags": [
                            {
                                "Value": "False",
                                "Key": "AutoShutdown"
                            },
                            {
                                "Value": "False",
                                "Key": "AutoStart"
                            },
                            {
                                "Value": "AutoScalingGroup",
                                "Key": "aws:cloudformation:logical-id"
                            },
                            {
                                "Value": "lt-0014c04827c2647b7",
                                "Key": "aws:ec2launchtemplate:id"
                            },
                            {
                                "Value": "True",
                                "Key": "RunAtWeekends"
                            },
                            {
                                "Value": "arn:aws:cloudformation:eu-west-1:9887878787:stack/ppe-devops-ecs-06/d5763820-4087-11ec-933b-02d79c55316d",
                                "Key": "aws:cloudformation:stack-id"
                            },
                            {
                                "Value": "1",
                                "Key": "aws:ec2launchtemplate:version"
                            },
                            {
                                "Value": "True",
                                "Key": "KeepMe"
                            },
                            {
                                "Value": "True",
                                "Key": "SaveIfOrphaned"
                            },
                            {
                                "Value": "ppe-devops-ecs-06-asg",
                                "Key": "aws:autoscaling:groupName"
                            },
                            {
                                "Value": "ppe-devops-ecs-06",
                                "Key": "aws:cloudformation:stack-name"
                            }
                        ],
                        "HibernationOptions": {
                            "Configured": false
                        },
                        "AmiLaunchIndex": 0
                    }
                ],
                "ReservationId": "r-014c8f943e5ca3655",
                "RequesterId": "178953610797",
                "Groups": [],
                "OwnerId": "9887878787"
            }
        ]
    }

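Best answer

KMS key access was the issue. Granting permission resolved it. This error can occur when additional encrypted volumes are attached.

Regarding amazon-web-services - AWS ASG error: State transition reason Server.InternalError, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/69881738/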
