
Get AWS credentials from within an ECS container to make AWS API calls

0

Hi team,

My application runs on ECS Fargate.

This application uses some AWS clients for services such as S3, SES, SQS, SNS...

These services are accessed by my application through accessKeyId and secretAccessKey credentials (for MyappIamUser), which are configured as secret environment variables on my ECS container (read from Secrets Manager).

My app needs to be migrated to another AWS account where I cannot create any IAM user.

How can my application running on ECS Fargate get credentials to access AWS services via clients: S3, SES, SQS, SNS...?

Can I use this: https://www.npmjs.com/package/@aws-sdk/credential-providers ?

fromContainerMetadata()

Thank you.

3 Answers
2

Please take a look at this document - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html

Using IAM roles is the recommended way, rather than passing AWS user credentials to your containers directly.

answered 5 days ago
MODERATOR
reviewed 5 days ago
0

You should consider using an ECS task role instead of embedding keys as environment variables, which is not secure and is hard to manage.

answered 5 days ago
0

An ECS task role can be used instead of the referenced npm module, as it provides benefits like credential isolation, authorization, and auditability.

answered 2 days ago
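
The task-role approach recommended in the answers above, as an added example that is not part of the original thread: a dependency-free Node.js preflight check that reports whether static keys left in the environment would shadow the task role in the SDK's default credential chain, and validates the JSON returned by the task credential endpoint. It assumes the standard SDK variable names AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY and clients constructed without an explicit credentials option; the function names and all sample values are constructed for illustration.

```javascript
// Added example (not from the thread). Assumes the SDK default credential
// chain, where static env keys are tried before the ECS task role.
const ECS_CREDENTIALS_HOST = "http://169.254.170.2"; // task credential endpoint

// Report which credential source the default chain would pick for this env.
function detectCredentialSource(env) {
  const hasStaticKeys = Boolean(env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY);
  const relativeUri = env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI; // set by ECS when a task role is attached
  const taskRoleUrl = relativeUri ? ECS_CREDENTIALS_HOST + relativeUri : null;
  if (hasStaticKeys) {
    return { source: "static-env-keys", taskRoleUrl, shadowsTaskRole: taskRoleUrl !== null };
  }
  if (taskRoleUrl) return { source: "ecs-task-role", taskRoleUrl, shadowsTaskRole: false };
  return { source: "none", taskRoleUrl: null, shadowsTaskRole: false };
}

// Validate the JSON document returned by the task credential endpoint.
function parseTaskCredentials(body, now = new Date()) {
  const doc = JSON.parse(body);
  for (const field of ["AccessKeyId", "SecretAccessKey", "Token", "Expiration"]) {
    if (typeof doc[field] !== "string" || doc[field] === "") {
      throw new Error(`task credentials missing field: ${field}`);
    }
  }
  const expiresAt = new Date(doc.Expiration);
  if (Number.isNaN(expiresAt.getTime())) throw new Error("invalid Expiration");
  if (expiresAt <= now) throw new Error("task credentials already expired");
  return {
    accessKeyId: doc.AccessKeyId,
    secretAccessKey: doc.SecretAccessKey,
    sessionToken: doc.Token, // temporary credentials always carry a session token
    expiresAt,
    roleArn: doc.RoleArn ?? null,
  };
}

// Constructed sample environments and endpoint response (placeholder values).
const SAMPLE_MIGRATED_ENV = { AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: "/v2/credentials/EXAMPLE-ID" };
const SAMPLE_LEFTOVER_ENV = {
  ...SAMPLE_MIGRATED_ENV, AWS_ACCESS_KEY_ID: "AKIAEXAMPLE", AWS_SECRET_ACCESS_KEY: "example",
};
const SAMPLE_RESPONSE = JSON.stringify({
  RoleArn: "arn:aws:iam::111122223333:role/example-task-role",
  AccessKeyId: "ASIAEXAMPLE", SecretAccessKey: "example", Token: "example-token",
  Expiration: "2030-01-01T00:00:00Z",
});

console.log(detectCredentialSource(SAMPLE_LEFTOVER_ENV)); // static keys shadow the task role
console.log(detectCredentialSource(SAMPLE_MIGRATED_ENV)); // task role is used
```

Run `detectCredentialSource(process.env)` at container startup and fail the deployment if `shadowsTaskRole` is true, so the old IAM user keys cannot silently remain in use after the migration.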
