1 個回答
- 最新
- 最多得票
- 最多評論
0
Hi, you don't say if your using your, host, EC2 role credentials in the docker container or have another process?
Depending on your docker base image and the libraries it supports you could:-
- Use the AWS SDK in your code, something like boto3 (python) can automatically manage the refresh of the credentials
- a background thread, goroutine etc. in your app code could periodically query the metadata service url @http://169.254.169.254/latest/meta-data/iam/security-credentials/yourole and update credential used in your S3 call
- Generate static credentials (IAM user) with limited access and inject the Secret/Access keys into your container in environment variables, these wont change but can also be used outside of your VPC so need to be least privilege and should be rotated frequently to limit security issues.
hope this helps
相關內容
- 已提問 6 個月前
- 已提問 6 個月前
- AWS 官方已更新 1 年前
Hello, without sharing credentials details, could you please provide more information on your authentication process ? Are you using AWS CLI ? or SDK ? or something else ? Thanks.