如何在后处理器部分显示包装器发出的AWS API调用？

Question

我有一个包含以下post-processors部分的打包器模板：

  "post-processors": [
    {
      "type": "amazon-import",
      "ami_name": "my_image-{{user `os_version`}}",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "us-east-1",
      "s3_bucket_name": "my_s3_bucket",
      "tags": {
        "Description": "Packer build {{timestamp}}",
        "Version": "{{user `build_version`}}"
      },
      "only": ["aws"]
    }

我正在尝试调试一个策略/权限问题，并希望了解更多有关AWS API calls在amazon-import Post-Processor中所做工作的详细信息。

我知道PACKER_LOG=1环境变量，但是还有比这个更详细的环境变量吗？这个输出并没有给我太多的信息：

2017/08/11 23:55:24 packer: 2017/08/11 23:55:24 Waiting for state to become: completed
2017/08/11 23:55:24 packer: 2017/08/11 23:55:24 Using 2s as polling delay (change with AWS_POLL_DELAY_SECONDS)
2017/08/11 23:55:24 packer: 2017/08/11 23:55:24 Allowing 300s to complete (change with AWS_TIMEOUT_SECONDS)
2017/08/12 00:29:59 ui:     aws (amazon-import): Import task import-ami-fg0qxxdb complete
    aws (amazon-import): Import task import-ami-fg0qxxdb complete
2017/08/12 00:29:59 ui:     aws (amazon-import): Starting rename of AMI (ami-c01125bb)
    aws (amazon-import): Starting rename of AMI (ami-c01125bb)
2017/08/12 00:29:59 ui:     aws (amazon-import): Waiting for AMI rename to complete (may take a while)
2017/08/12 00:29:59 packer: 2017/08/12 00:29:59 Waiting for state to become: available
    aws (amazon-import): Waiting for AMI rename to complete (may take a while)
2017/08/12 00:29:59 packer: 2017/08/12 00:29:59 Using 2s as polling delay (change with AWS_POLL_DELAY_SECONDS)
2017/08/12 00:29:59 packer: 2017/08/12 00:29:59 Allowing 300s to complete (change with AWS_TIMEOUT_SECONDS)
2017/08/12 00:29:59 packer: 2017/08/12 00:29:59 Error on AMIStateRefresh: UnauthorizedOperation: You are not authorized to perform this operation.
2017/08/12 00:29:59 packer:     status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113
2017/08/12 00:29:59 [INFO] (telemetry) ending amazon-import
2017/08/12 00:29:59 [INFO] (telemetry) found error: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113
2017/08/12 00:29:59 Deleting original artifact for build 'aws'
2017/08/12 00:29:59 ui error: Build 'aws' errored: 1 error(s) occurred:

* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113
2017/08/12 00:29:59 Builds completed. Waiting on interrupt barrier...
2017/08/12 00:29:59 machine readable: error-count []string{"1"}
2017/08/12 00:29:59 ui error:
==> Some builds didn't complete successfully and had errors:
2017/08/12 00:29:59 machine readable: aws,error []string{"1 error(s) occurred:\n\n* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id: f53ea750-788e-4213-accc-def6ca459113"}
Build 'aws' errored: 1 error(s) occurred:

2017/08/12 00:29:59 ui error: --> aws: 1 error(s) occurred:

* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113
2017/08/12 00:29:59 ui:
==> Builds finished but no artifacts were created.
* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113

==> Some builds didn't complete successfully and had errors:
--> aws: 1 error(s) occurred:

* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113

==> Builds finished but no artifacts were created.
2017/08/12 00:30:00 [WARN] (telemetry) Error finalizing report. This is safe to ignore. Post https://checkpoint-api.hashicorp.com/v1/telemetry/packer: context deadline exceeded
2017/08/12 00:30:00 waiting for all plugin processes to complete...
2017/08/12 00:30:00 /usr/local/bin/packer: plugin process exited
2017/08/12 00:30:00 /usr/local/bin/packer: plugin process exited
2017/08/12 00:30:00 /usr/local/bin/packer: plugin process exited

我假设这是一个策略权限问题，但我不能从上面的输出中看出我遗漏了什么。

Answer 1

不幸的是，没有更多的调试可以启用。

我建议您检查是否已根据docs创建了所有策略，并检查用户的权限。您可以通过在Search IAM中粘贴访问密钥ID来执行此操作。

作为最后一个资源，最好使用AWS cli手动完成该过程。

Answer 2

不是在包装器中，但您可以使用亚马逊网络服务的CloudTrail来查看调用了哪些API：

https://aws.amazon.com/cloudtrail/