By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Credentials Changing

0

How do I stop credentials from changing every couple of hours?

Working on pushing docker images to an EC2 instance to train up machine learning algorithms and I need to access data on s3 during the training. My current credentials change every couple of hours and that makes it difficult to persist information within the docker containers.

  • Mickael-AWS
    2 years ago

    Hello, without sharing credentials details, could you please provide more information on your authentication process ? Are you using AWS CLI ? or SDK ? or something else ? Thanks.

Topics
ComputeDevOps
Tags
Linux ProvisioningAWS BatchComputeDevOps
Language
English
rePost-User-4773274
asked 2 years ago269 views
1 Answer
0

Hi, you don't say if your using your, host, EC2 role credentials in the docker container or have another process?

Depending on your docker base image and the libraries it supports you could:-

  • Use the AWS SDK in your code, something like boto3 (python) can automatically manage the refresh of the credentials
  • a background thread, goroutine etc. in your app code could periodically query the metadata service url @http://169.254.169.254/latest/meta-data/iam/security-credentials/yourole and update credential used in your S3 call
  • Generate static credentials (IAM user) with limited access and inject the Secret/Access keys into your container in environment variables, these wont change but can also be used outside of your VPC so need to be least privilege and should be rotated frequently to limit security issues.

hope this helps

AWS
Malcolm_O
answered 2 years ago
profile pictureAWS
EXPERT
kentrad
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content