You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The docs recommend mounting ~/.aws into the container, but this may not work for a variety of reasons (e.g., a custom credential process that's not accessible to the container). An alternative I've discovered is to provide a local IMDSv2 server on the host and use the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable on the container.
# in a terminal (choosing 8081 as the port for this example)
$ aws-export-credentials --imds 8081
then in your docker-compose.override.yml from the tutorial, the relevant section would look something like this:
services:
# This container vends credentials to your containersecs-local-endpoints:
# The Amazon ECS Local Container Endpoints Docker Imageimage: amazon/amazon-ecs-local-container-endpointsvolumes:
# Mount /var/run so we can access docker.sock and talk to Docker
- /var/run:/var/runports:
# Map the IMDS server's port from the host
- "8081:8081"environment:
# use credentials from the IMDS server on the hostAWS_EC2_METADATA_SERVICE_ENDPOINT=http://host.docker.internal:8081/networks:
credentials_network:
# This special IP address is recognized by the AWS SDKs and AWS CLI ipv4_address: "169.254.170.2"
The text was updated successfully, but these errors were encountered:
The docs recommend mounting
~/.aws
into the container, but this may not work for a variety of reasons (e.g., a custom credential process that's not accessible to the container). An alternative I've discovered is to provide a local IMDSv2 server on the host and use theAWS_EC2_METADATA_SERVICE_ENDPOINT
environment variable on the container.I've included this capability in
aws-export-credentials
. It looks like this:# in a terminal (choosing 8081 as the port for this example) $ aws-export-credentials --imds 8081
then in your
docker-compose.override.yml
from the tutorial, the relevant section would look something like this:The text was updated successfully, but these errors were encountered: