By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Getting AWS Credentials into a Docker Container without Hardcoding It

0

Hello, I have an application that writes and reads data in S3.

  1. When running this application in eg AppRunner, credentials are passed through roles and policies (this works)
  2. When I run the application directly from Visual Studio, the credentials are taken from the locally configured credentials file in C:\Users\user.aws. (this works)

However, I have a problem with passing the credentials as I want to run the application in the docker container, but locally, how to pass these credentials during e.g. docker run? I've tried several ways before, but none of them worked

As part of the tests, I even did something like this, but it also doesn't work:

docker run -e AWS_ACCESS_KEY_ID=<my_aws_access_key> -e AWS_SECRET_ACCESS_KEY=<my_aws_secret_access_key> -e AWS_DEFAULT_REGION=us-east-1 -p 8081: 8080 test040722: 1.0

Topics
DevOpsMicroservices.NET on AWS
Tags
DevOpsMicroservices.NET on AWS
Language
English
AWS-Arthur
asked 2 years ago737 views
4 Answers
1

This confirms that the credentials are being passed on to the container. I assumed that the application should be able to read the environment variable but you need to debug if the application is able to do so or does it need it in some other file or location. Or maybe some sort of conditional handling to fetch the credentials from diff sources depending on where you are running the application on. From my experience in Linux, python SDK has various methods to read credentials. Something similar should also be the case with .NET

--Syd

profile picture
Syd
answered 2 years ago
0

Unless it was a typo or oversight when creating this Support Q, the command you used has unexpected spaces. It should be as follows:

docker run -e AWS_ACCESS_KEY_ID=<my_aws_access_key> -e AWS_SECRET_ACCESS_KEY=<my_aws_secret_access_key> -e AWS_DEFAULT_REGION=us-east-1 -p 8081:8080 test040722:1.0

What's the error you get when you execute the docker run command? If it's successful, does the container show up in the docker ps output? Also if you can access the container with docker exec, do the AWS* variables show up in the env command. I was successfully able to execute AWS CLI commands in a container by passing credentials in the manner listed above

--Syd

profile picture
Syd
answered 2 years ago
0

hi, thanks for answer. It was an oversight after i paste this command here, I had no spaces in CLI. This command succeeds. The container is running. In the application, which is an API, I also have other methods (they don't need credentials), they all work fine. Only this one with credentials causes an error.

I can access into the container, when i used docker exec it show all env variables

HOSTNAME=4e4cb957094b
AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX
AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXX
AWS_DEFAULT_REGION=us-east-1
ASPNETCORE_URLS=http://+:8080
DOTNET_RUNNING_IN_CONTAINER=true
DOTNET_VERSION=6.0.6
ASPNET_VERSION=6.0.6
HOME=/home/appuser
AWS-Arthur
answered 2 years ago
0

Ok, it's all working fine now. I checked everything and my environment variables are passed correctly. But now i have second problem that i thought it was because those env variables.

I have error when i want to use my credentials (this error appears only when i want to use credentials in local docker container):

Amazon.Runtime.AmazonClientException: No RegionEndpoint or ServiceURL configured

I don't know why because I declared RegionEndpoint like this:

var client = new AmazonS3Client(awsCredentials, RegionEndpoint.EUWest1)

AWS-Arthur
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content