Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

no basic auth credentials in greengrass component using docker-compose

0

so i have docker compose file which is store in s3 bucket and i am trying to run the docker compose up in my component and had the dependencies for the authentication but couldn't fetch the docker image and getting no basic auth credentials error. Below is my receipe yaml. How do i inject the AWS_CONTAINER_AUTHORIZATION_TOKEN and AWS_CONTAINER_CREDENTIALS_FULL_URI

{
  "RecipeFormatVersion": "2020-01-25",
  "ComponentName": "com.example.veriSpotComponent",
  "ComponentVersion": "3.0.4",
  "ComponentType": "aws.greengrass.generic",
  "ComponentDescription": "A component that uses Docker Compose to run verispot images from public Amazon ECR.",
  "ComponentPublisher": "Amazon",
  "ComponentConfiguration": {},
  "ComponentDependencies": {
    "aws.greengrass.DockerApplicationManager": {
      "VersionRequirement": ">=2.0.0 <2.1.0",
      "DependencyType": "HARD"
    },
    "aws.greengrass.TokenExchangeService": {
      "VersionRequirement": ">=2.0.0 <2.1.0",
      "DependencyType": "HARD"
    }
  },
  "Manifests": [
    {
      "Platform": {
        "os": "all"
      },
      "Lifecycle": {
        "setenv": {
          "AWS_CONTAINER_CREDENTIALS_FULL_URI": "{env:AWS_CONTAINER_CREDENTIALS_FULL_URI}",
          "AWS_CONTAINER_AUTHORIZATION_TOKEN": "{env:AWS_CONTAINER_AUTHORIZATION_TOKEN}"
        },
        "run": "echo 'AUTH_TOKEN=$AWS_CONTAINER_AUTHORIZATION_TOKEN'; echo 'CREDENTIALS_URI=$AWS_CONTAINER_CREDENTIALS_FULL_URI'; docker-compose -f {artifacts:path}/docker-compose.yml up -d",
        "shutdown": "docker-compose -f {artifacts:path}/docker-compose.yml down"
      },
      "Artifacts": [
        {
          "Uri": "s3://**********/verispot/docker-compose.yml",
          "Digest": "MT9c7w6NwdrNwKob5MG5qWNHOHegeZMeXfnBfjZfJks=",
          "Algorithm": "SHA-256",
          "Unarchive": "NONE",
          "Permission": {
            "Read": "OWNER",
            "Execute": "NONE"
          }
        }
      ]
    }
  ],
  "Lifecycle": {}
}

Docker compose file

services:
  manager:
    container_name: manager
    environment:
      AWS_CONTAINER_CREDENTIALS_FULL_URI: "${AWS_CONTAINER_CREDENTIALS_FULL_URI}"
      AWS_CONTAINER_AUTHORIZATION_TOKEN: "${AWS_CONTAINER_AUTHORIZATION_TOKEN}"
      PYTHONUNBUFFERED: 1
    image: ******.dkr.ecr.us-east-2.amazonaws.com/******:starter-iot
    network_mode: host
    restart: always
    volumes:
    - .:/data
    - /dev:/dev:ro
version: '3.9'
Topics
Internet of Things (IoT)
Tags
AWS IoT Greengrass
Language
English
asked a year ago112 views
2 Answers
0
Accepted Answer

The answer is we need to explicitly specify the docker login.

"Lifecycle": { "run": "aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin **********.dkr.ecr.us-east-2.amazonaws.com && docker-compose -f {artifacts:path}/docker-compose.yml up -d" },

answered a year ago
EXPERT
reviewed a year ago
-1

Hi, please refer to this example to inject these 2 environment variables: https://docs.aws.amazon.com/greengrass/v2/developerguide/run-docker-container.html#docker-container-token-exchange-service

AWS
answered a year ago
  • ram
    a year ago

    so basically what's happening is with docker run as we are providing the env variable it is able to fetch the image, but when it comes to docker compose it trying to authenticate to the ECR and then fetch the image. Though we have the token available not sure why the docker-compose is not using those env variables and authenticate to ECR.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content