I have the following command in the userdata of my cloudformation template:
MOUNT_TARGET_IP=$(aws efs describe-mount-targets --file-system-id fs-xxxxxxx --query 'MountTargets[*].IpAddress' --output text)
Also in my template, I have the following policy:
MyPolicy:
Type: "AWS::IAM::Policy"
Properties:
PolicyName: !Sub "${AWS::StackName}_bucket_and_mount_targets_policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action: "s3:GetObject"
Resource: !Sub "arn:aws:s3:::${AuthorizedKeyBucketName}/authorized_keys"
-
Effect: "Allow"
Action: "s3:ListBucket"
Resource: !Sub "arn:aws:s3:::${AuthorizedKeyBucketName}"
-
Effect: "Allow"
Action: "elasticfilesystem:DescribeMountTargets"
Resource: "arn:aws:elasticfilesystem:us-east-1:xxxxxxxxxx:file-system/fs-xxxxxxx"
Roles:
-
!Ref MyRole
I am not sure why I am still receiving the following error:
You must specify a region. You can also configure your region by running "aws configure".
When I ssh into the instance, and then configure the region and access keys manually, and then try to execute the above statements, it seems to work just fine.
Any thoughts?
Most AWS CLI commands require a region to be configured and you haven't configured one here.
You could change your CLI command to specify a region:
MOUNT_TARGET_IP=$(aws efs describe-mount-targets \
--file-system-id fs-xxxxxxx \
--query 'MountTargets[*].IpAddress' \
--region ... \ # add this
--output text)
Or you could set the AWS_DEFAULT_REGION variable:
AWS_DEFAULT_REGION=...
export AWS_DEFAULT_REGION
MOUNT_TARGET_IP=$(aws efs describe-mount-targets --file-system-id fs-xxxxxxx \
--query 'MountTargets[*].IpAddress' --output text)
Or you could have your script run aws configure or otherwise provide the region in ~/.aws/config.
Note that configuring the AWS CLI with access keys is not recommended. You should use IAM Roles instead.