1 Answer
- Newest
- Most votes
- Most comments
0
Hi, you don't say if your using your, host, EC2 role credentials in the docker container or have another process?
Depending on your docker base image and the libraries it supports you could:-
- Use the AWS SDK in your code, something like boto3 (python) can automatically manage the refresh of the credentials
- a background thread, goroutine etc. in your app code could periodically query the metadata service url @http://169.254.169.254/latest/meta-data/iam/security-credentials/yourole and update credential used in your S3 call
- Generate static credentials (IAM user) with limited access and inject the Secret/Access keys into your container in environment variables, these wont change but can also be used outside of your VPC so need to be least privilege and should be rotated frequently to limit security issues.
hope this helps
Relevant content
- asked 3 years ago
- Accepted Answerasked 3 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
Hello, without sharing credentials details, could you please provide more information on your authentication process ? Are you using AWS CLI ? or SDK ? or something else ? Thanks.