Hi, you don't say if you're using your host EC2 role credentials in the Docker container or have another process.
Depending on your Docker base image and the libraries it supports, you could:
- Use the AWS SDK in your code; something like boto3 (Python) can automatically manage the refresh of the credentials.
- A background thread, goroutine, etc. in your app code could periodically query the metadata service URL at http://169.254.169.254/latest/meta-data/iam/security-credentials/yourole and update the credentials used in your S3 call.
- Generate static credentials (IAM user) with limited access and inject the Secret/Access keys into your container in environment variables. These won't change but can also be used outside of your VPC, so they need to be least privilege and should be rotated frequently to limit security issues.

Hope this helps.
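
The metadata-service option from the answer above, as an added example that is not part of the original post: a small cache that reads the role's temporary keys over IMDSv2 and refetches them shortly before the `Expiration` time. `RoleCredentialCache`, `fetch_from_imds` and the five-minute margin are hypothetical names and values chosen for illustration, and the refresh runs inside `get()` under a lock rather than in a separate thread.

```python
import json
import threading
import urllib.request
from datetime import datetime, timedelta, timezone

IMDS = "http://169.254.169.254/latest"

def fetch_from_imds(role, timeout=2):
    """IMDSv2: obtain a session token, then read the role's temporary credentials."""
    req = urllib.request.Request(
        f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    token = urllib.request.urlopen(req, timeout=timeout).read().decode()
    req = urllib.request.Request(
        f"{IMDS}/meta-data/iam/security-credentials/{role}",
        headers={"X-aws-ec2-metadata-token": token})
    return json.loads(urllib.request.urlopen(req, timeout=timeout).read())

class RoleCredentialCache:
    """Thread-safe cache that refetches shortly before the credentials expire."""
    def __init__(self, role, fetch=fetch_from_imds, margin=timedelta(minutes=5)):
        self._role, self._fetch, self._margin = role, fetch, margin
        self._lock = threading.Lock()
        self._creds = self._expires = None

    def _refresh(self):
        doc = self._fetch(self._role)
        if doc.get("Code") != "Success":
            raise RuntimeError(f"metadata service returned {doc.get('Code')!r}")
        self._expires = datetime.fromisoformat(doc["Expiration"].replace("Z", "+00:00"))
        self._creds = {"aws_access_key_id": doc["AccessKeyId"],
                       "aws_secret_access_key": doc["SecretAccessKey"],
                       "aws_session_token": doc["Token"]}

    def get(self, now=None):
        """Return keyword arguments suitable for boto3.client("s3", **creds)."""
        now = now or datetime.now(timezone.utc)
        with self._lock:
            if self._creds is None or now >= self._expires - self._margin:
                try:
                    self._refresh()
                except Exception:
                    # Keep serving the old keys only while they are still valid.
                    if self._creds is None or now >= self._expires:
                        raise
            return dict(self._creds)
```

From inside a container on a bridge network, the IMDSv2 token request only succeeds if the instance's metadata response hop limit is at least 2.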