我面临的问题是我的 AWS Elastic Beanstalk 环境的运行状况已自动降级。我在环境事件日志中收到以下错误消息:
Failed to deploy configuration.August 15, 2024 13:07:33 (UTC+5)ERRORRollback of environment Univexch-env failed. Reason: The following resource(s) failed to update: [AWSEBRDSDatabase].ERRORUpdating RDS database named: awseb-e-i4w84yjffc-stack-awsebrdsdatabase failed. Reason: Resource handler returned message: "User: arn:aws:sts::14:assumed-role/aws-elasticbeanstalk-service-role/elasticbeanstalk is not authorized to perform: rds:ModifyDBInstance on resource: arn:aws:rds:us-east-1:141408100488:db:awseb-e-i4w84yjffc-stack-awsebrdsdatabase because no identity-based policy allows the rds:ModifyDBInstance action (Service: Rds, Status Code: 403, Request ID: 43f16117-cf09-4a3c-b4c7-9f4dfe5e)" (RequestToken: 336c4947-d7da-c10b-3360-dabc48cc6, HandlerErrorCode: AccessDenied)环境尝试修改 RDS 数据库,但由于
AccessDeniedaws-elasticbeanstalk-service-role此外,我还在RDS控制台中注意到了这条消息:
Upgrade required for your databasesYou have one or more RDS databases that use RDS Certificate Authorities that have expired or are reaching end-of-life (EOL). After expiry, RDS can no longer accept new connections with these certificates.我怀疑即将到期的 RDS 证书颁发机构也可能导致环境健康状况恶化。
如何解决
AccessDeniedaws-elasticbeanstalk-service-role过期的 RDS 证书颁发机构是否会导致环境健康状况恶化?
我需要遵循任何具体步骤来确保更新权限和证书后我的环境健康状况恢复吗?
任何见解或建议将不胜感激!
我尝试重新启动应用程序服务器,但失败,并显示该实例不处于“可用”状态。状态
我避免对 RDS 实例进行任何更改,因为数据库中有很多重要数据,我不想冒任何潜在数据丢失的风险。
我想了解这个问题的根本原因。环境已经稳定一年了,第一次遇到问题。如何安全地调试和解决这些问题而不冒数据丢失的风险?我怀疑过期的 RDS 证书可能是问题的一部分,但我不确定它们是否会导致环境健康状况恶化。
转到 IAM 控制台,找到 aws-elasticbeanstalk-service-role,然后编辑策略以包含以下权限:
{
"Effect": "Allow",
"Action": "rds:ModifyDBInstance",
"Resource": "arn:aws:rds:us-east-1:141408100488:db:awseb-e-i4w84yjffc-stack-awsebrdsdatabase"
}