AWS Robomaker 錯誤:(AccessDeniedException) 使用者:arn:aws:iam... 無權執行:robomaker:CreateSimulationJob

tag-icon tag-icon amazon-web-services
AWS Robomaker 錯誤:(AccessDeniedException) 使用者:arn:aws:iam... 無權執行:robomaker:CreateSimulationJob

meta.stackexchange.com#141944建議可以在這裡提出像我這樣的“AWS + 個人使用”問題,所以希望我在正確的網站上。

遵循教程AWS Robomaker(aws.amazon.com)在「使用 AWS RoboMaker 中的容器建立並執行機器人和模擬應用程式」部分的步驟 6 中,執行以下命令失敗並出現錯誤(憑證已替換)。

我錯過了什麼/錯了什麼?我基本上是重新建立了這個AWS帳戶,所以沒有做太多設定。

$ aws robomaker create-simulation-job --cli-input-json file://create_simulation_job.json

An error occurred (AccessDeniedException) when calling the CreateSimulationJob operation: User: arn:aws:iam::292945459999:user/fname.lname is not authorized to perform: robomaker:CreateSimulationJob on resource: arn:aws:robomaker:us-east-1:292945459999:simulation-application/robomaker-helloworld-sim-app/1675482941456
create_simulation_job.json 的內容

(由於教學中不清楚,我猜想是從 Robomaker 上的 robomaker-helloworld-sim-app 模擬應用程式中取得「application」的 ARN)

    "maxJobDurationInSeconds": 3600,
    "iamRole": "arn:aws:iam::292945459999:role/RoboMaker-HelloWorld-Role",
    "robotApplications": [
        {
            "application": "arn:aws:robomaker:us-east-1:292945459999:simulation-application/robomaker-helloworld-sim-app/1675482941456",
            "applicationVersion": "$LATEST",
            "launchConfig": {
                "environmentVariables": {
                    "ROS_IP": "ROBOMAKER_ROBOT_APP_IP",
                    "ROS_MASTER_URI": "http://ROBOMAKER_ROBOT_APP_IP:11311",
                    "GAZEBO_MASTER_URI": "http://ROBOMAKER_SIM_APP_IP:11345"
                },
                "streamUI": false,
                "command": [
                    "roslaunch", "hello_world_robot", "rotate.launch"
                ]
            },
            "tools": [
                {
                    "streamUI": true,
                    "name": "robot-terminal",
                    "command": "/entrypoint.sh && xfce4-terminal",
                    "streamOutputToCloudWatch": true,
                    "exitBehavior": "RESTART"
                }
            ]
        }
    ],
    "simulationApplications": [
        {
            "application": "arn:aws:robomaker:us-east-1:292945459999:simulation-application/robomaker-helloworld-sim-app/1675482941456",
            "launchConfig": {
                "environmentVariables": {
                  "ROS_IP": "ROBOMAKER_SIM_APP_IP",
                  "ROS_MASTER_URI": "http://ROBOMAKER_ROBOT_APP_IP:11311",
                  "GAZEBO_MASTER_URI": "http://ROBOMAKER_SIM_APP_IP:11345",
                  "TURTLEBOT3_MODEL":"waffle_pi"
                },
                "streamUI": true,
                "command": [
                    "roslaunch", "hello_world_simulation", "empty_world.launch"
                ]
            },
            "tools": [
                {
                    "streamUI": true,
                    "name": "gzclient",
                    "command": "/entrypoint.sh && gzclient",
                    "streamOutputToCloudWatch": true,
                    "exitBehavior": "RESTART"
                }
            ]
        }
    ]
}

IAM使用者擁有以下權限:AdministratorAccess, AWSDeepRacerRoboMakerAccessPolicy, AWSRoboMaker_FullAccess

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.5 LTS
Release:        20.04
Codename:       focal

$ aws --version
aws-cli/1.27.64 Python/3.8.10 Linux/5.4.0-137-generic botocore/1.29.64

答案1

我自己解決了。

思考我忘記在中運行aws robomaker create-robot-application命令教程 (aws.amazon.com),因為我在「Robomaker -> 開發 -> 機器人應用程式」上沒有看到機器人應用程式。所以我首先(重新)運行:

aws robomaker create-robot-application \
--name $robotapp \
--robot-software-suite name=General \
--environment uri=$ecruri/$robotapp:latest

然後將create_simulation_job.json檔案中的 ARN 替換為 create-robot-application 剛剛返回的 ARN,運行aws robomaker create-simulation-job命令,這次它通過了,我在「Robomaker -> 模擬運行 -> 模擬作業」上看到了預期的模擬作業。

在OP的create_simulation_job.json中,有一件事明顯錯誤:我傳遞了「sim app」的ARN,而預期是「robot app」的ARN(儘管錯誤訊息沒有明確說明)。

    "robotApplications": [
        {
            "application": "arn:aws:robomaker:us-east-1:292945459999:simulation-application/robomaker-helloworld-sim-app/1675482941456",
    :

相關內容