An error occurred when starting a container on an EC2 instance from a Docker host. I have only just started learning AWS, Docker, and Docker Machine, and I feel like I'm fumbling in the dark whenever an error occurs, but I solved this one, so I'll summarize it here as a memo. I also hope it helps anyone who is suffering from the same error. My route may have been a detour, so I would be glad to hear your opinions.
First, here is the error message. I will resolve the error by testing the hypotheses that the error message suggests.
Terminal
% docker-machine create --driver amazonec2 --amazonec2-open-port 8000 --amazonec2-vpc-region ap-northeast-1 <EC2 instance name>
(EC2 instance name) Couldn't determine your account Default VPC ID : "UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id: <~~request id~~>"
Error setting machine configuration from flags provided: amazonec2 driver requires either the --amazonec2-subnet-id or --amazonec2-vpc-id option or an AWS Account with a default vpc-id
1. No default VPC
When I checked the VPC dashboard, a default VPC existed, so this does not seem to have been the cause. I also specified the vpc-id directly as an argument, but I still couldn't create an EC2 instance.
2. UnauthorizedOperation
This error means that you do not have permission to perform this operation.
- Why do I get the error message "You are not authorized to perform this operation" when you try to launch an EC2 instance? (...-center/ec2-not-auth-launch/)
In a case like this, it is better to go to the primary source and solve the problem from there as far as possible, because that carries over to future problems and there is no doubt about the information, so I checked it.
Just as I was about to follow the steps of the solution, I stumbled at the very first step.
Terminal
% aws --version
The aws command could not be used. The error message was: command not found: aws
So, let's start by installing the AWS CLI.
- Install, Update, and Uninstall AWS CLI
- Add the AWS CLI to the PATH (I referred to this article for how to set the AWS PATH.)
- Since the error had not changed, I tried to understand the current state of not having permission
In the first place, I'm trying to create an EC2 instance from a Docker host using IAM user credentials. So I wondered whether there was a problem with how the credentials were written.
So first I suspected the environment variables.
This time I am using a different IAM user's access key. However, the access key of the IAM user I created last time had been put in an environment variable and passed through the PATH. I wondered whether I was getting UnauthorizedOperation because I had not given that IAM user permission.
Therefore, I deleted the access key (environment variable) of the previous IAM user. I think it would be better to set it per directory, but this time I simply deleted it.
I deleted the environment variables that had been set as described below. Note: the setting method may differ depending on the version of your PC.
Terminal
vim ~/.zshrc
Press i to switch to insert mode (so that you can edit). After making the changes, press esc, type :wq, and press Enter to finish.
At this point the change to the PATH is not reflected yet, so run the following.
Terminal
source ~/.zshrc
I got another error, but since the error had changed, it seems that I had been trying to create the EC2 instance as an IAM user that did not have permission (the IAM user I created last time).
The other error was that the file was written incorrectly. (I forgot to note down the terminal error...)
Therefore, I modified the ~/.aws/credentials file as follows.
Before correction
[default]
aws_access_key = <Authentication key>
aws_secret_access_key = <Authentication key>
Revised
[default]
aws_access_key_id = <Authentication key>
aws_secret_access_key = <Authentication key>
Check the ~/.aws/credentials file.
If you look closely at the template that was automatically written into the file when it was created, the _id of aws_access_key_id is missing.
Because it was an automatically generated template, I had felt safe, but it seems that is not the case.
After fixing the file, I created the EC2 instance again.
Successfully created the EC2 instance from the Docker host!!
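Both causes found above (an old access key in environment variables, which the AWS CLI/SDK default chain uses before the credentials file, and a misspelled key name in the credentials file) can be checked with a short script. This is an added example, not part of the original article: the function names cred_source and lint_credentials and the sample key values are made up here, and it assumes a profile that holds static access keys.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes a profile that
# holds static access keys, as in the article's [default] section.

# Which source does the AWS CLI/SDK default chain use first?
# Environment variables take precedence over the shared credentials file.
cred_source() {   # $1 = path to the credentials file
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo environment
    elif [ -f "$1" ]; then
        echo file
    else
        echo none
    fi
}

# Lint one profile: report required keys that are missing, and aws_* keys
# that are not one of the three expected names (usually a misspelling).
lint_credentials() {   # $1 = file, $2 = profile name (default: "default")
    awk -v want="[${2:-default}]" '
        /^[ \t]*[#;]/ { next }                            # skip comment lines
        /^[ \t]*\[/   { gsub(/[ \t\r]/, ""); in_sec = ($0 == want); next }
        in_sec && /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            seen[key] = 1
            if (key ~ /^aws_/ && key !~ /^(aws_access_key_id|aws_secret_access_key|aws_session_token)$/)
                print "unexpected key: " key
        }
        END {
            if (!seen["aws_access_key_id"])     print "missing key: aws_access_key_id"
            if (!seen["aws_secret_access_key"]) print "missing key: aws_secret_access_key"
        }' "$1"
}

# Constructed sample that reproduces the "before correction" file.
demo_dir=$(mktemp -d)
printf '[default]\naws_access_key = EXAMPLEKEY\naws_secret_access_key = EXAMPLESECRET\n' \
    > "$demo_dir/credentials"
echo "credential source: $(cred_source "$demo_dir/credentials")"
lint_credentials "$demo_dir/credentials"
rm -rf "$demo_dir"
```

If cred_source prints environment, the keys in ~/.aws/credentials are not the ones being used, which matches the first cause in this article.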
This time there was more than one cause for the error, so I felt I needed to form hypotheses, choose the most likely one, and verify it. When an error occurs, the parts I do not understand are exposed, so it is a great learning experience. In this case, I strongly felt that I did not understand environment variables, AWS, and Linux well enough. An error cannot be resolved without investigating the related topics, so when errors occur I will deal with them positively and apply what I learn in the future.
- When an error occurs, there is not always just one cause.
- Formulate and test hypotheses, and resolve the most likely ones one by one.
- Be suspicious even of automatically generated content (especially where it relates to environment setup and security).
This article was written with reference to the following information.
- Why do I get the error message "You are not authorized to perform this operation" when you try to launch an EC2 instance? (...-center/ec2-not-auth-launch/)