Alternative method of providing credentials #171

Open
benkehoe opened this issue Aug 8, 2022 · 1 comment
benkehoe commented Aug 8, 2022

The docs recommend mounting ~/.aws into the container, but this may not work for a variety of reasons (e.g., a custom credential process that's not accessible to the container). An alternative I've discovered is to provide a local IMDSv2 server on the host and use the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable on the container.

I've included this capability in aws-export-credentials. It looks like this:

```
# in a terminal (choosing 8081 as the port for this example)
$ aws-export-credentials --imds 8081
```

then in your docker-compose.override.yml from the tutorial, the relevant section would look something like this:

```yaml
services:
    # This container vends credentials to your containers
    ecs-local-endpoints:
        # The Amazon ECS Local Container Endpoints Docker Image
        image: amazon/amazon-ecs-local-container-endpoints
        volumes:
          # Mount /var/run so we can access docker.sock and talk to Docker
          - /var/run:/var/run
        ports:
          # Map the IMDS server's port from the host
          - "8081:8081"
        environment:
          # use credentials from the IMDS server on the host
          - AWS_EC2_METADATA_SERVICE_ENDPOINT=http://host.docker.internal:8081/
        networks:
            credentials_network:
                # This special IP address is recognized by the AWS SDKs and AWS CLI
                ipv4_address: "169.254.170.2"
```
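
Added example, not part of the original post and not aws-export-credentials' code: the IMDSv2 exchange a client performs against an endpoint such as the one set through AWS_EC2_METADATA_SERVICE_ENDPOINT, with a mock server that rejects reads lacking a session token. The role name, credential values and helper names are constructed placeholders, and the mock binds to loopback on an ephemeral port.

```python
import json, secrets, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ROLE = "local-dev-role"  # constructed placeholder values below, not real credentials
CREDS = {"Code": "Success", "AccessKeyId": "AKIAEXAMPLE", "SecretAccessKey": "example",
         "Token": "example-session", "Expiration": "2099-01-01T00:00:00Z"}
BASE = "/latest/meta-data/iam/security-credentials/"
ROUTES = {BASE: ROLE, BASE + ROLE: json.dumps(CREDS)}
TTL_HDR, TOKEN_HDR = "X-aws-ec2-metadata-token-ttl-seconds", "X-aws-ec2-metadata-token"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env

class Imds(BaseHTTPRequestHandler):
    tokens = set()  # session tokens issued so far
    def _send(self, code, body=""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def do_PUT(self):  # step 1: client asks for a session token with a TTL header
        if self.path != "/latest/api/token" or TTL_HDR not in self.headers:
            return self._send(400)
        self.tokens.add(tok := secrets.token_urlsafe(32))
        self._send(200, tok)
    def do_GET(self):  # step 2: every metadata read must carry an issued token
        if self.headers.get(TOKEN_HDR) not in self.tokens:
            return self._send(401)
        body = ROUTES.get(self.path)
        self._send(200 if body else 404, body or "")
    def log_message(self, *args):  # keep request logging quiet
        pass

def call(url, method="GET", headers=None):
    req = urllib.request.Request(url, method=method, headers=headers or {})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""

def demo():
    with HTTPServer(("127.0.0.1", 0), Imds) as srv:  # loopback only, ephemeral port
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{srv.server_port}"
        no_token = call(url + BASE)[0]  # tokenless read is refused
        _, tok = call(url + "/latest/api/token", "PUT", {TTL_HDR: "60"})
        auth = {TOKEN_HDR: tok}
        _, role = call(url + BASE, headers=auth)         # role name listing
        _, body = call(url + BASE + role, headers=auth)  # credential document
        srv.shutdown()
        return no_token, role, json.loads(body)
```

`demo()` returns the status of the tokenless read, the role name, and the parsed credential document.
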
@PettitWesley (Contributor)

Thank you for providing this example.
