How do I get AWS credentials in the AWS ECS docker container?
First, I use the server environment:
I am using the watchtower third-party app for the AWS CloudWatch log service. So, I need to give AWS credential information to the docker container.
When testing locally,

    docker run -v $HOME/.aws:/root/.aws --rm -it -p 8080:80 image_name

will connect the local credentials to the volume.
But I don't know how to apply it in AWS ECS.
http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html
I am following the above article, and I have written the .aws/ecs.config file by following the above article.

    AWS_DEFAULT_REGION=ap-northeast-1
    AWS_ACCESS_KEY_ID=bbbbbbbbb
    AWS_SECRET_ACCESS_KEY=aaaaaaaaaaaa

I added a command to the Dockerfile like below.

    COPY .aws/ecs.config /etc/ecs/ecs.config

However, an internal server error occurs when accessing ECS.
I have also tried to assign an "IAM role" to the container at "Task define". Even if you create a "CloudWatchLogsFullAccess IAM role", nothing appears in the role drop-down on the "Task define" creation screen.
If you have any other way, please help me.
Thank you.
Here is my logging setting. In local tests, logging works normally.

    LOGGING = {
        'version': 1,
        'disable_existing_loggers': False,
        'formatters': {
            'verbose': {
                'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
            },
            'simple': {
                'format': '%(levelname)s %(message)s'
            },
        },
        'handlers': {
            'watchtower': {
                'level': 'DEBUG',
                'class': 'watchtower.CloudWatchLogHandler',
                'formatter': 'verbose',
            },
            'console': {
                'level': 'INFO',
                'class': 'logging.StreamHandler',
            },
        },
        'loggers': {
            'django': {
                'handlers': ['watchtower', 'console'],
                'level': 'INFO',
                'propagate': True,
            },
            'django.user': {
                'handlers': ['watchtower'],
                'level': DJANGO_LOG_LEVEL,
                'propagate': False,
            },
            'django.partner': {
                'handlers': ['watchtower'],
                'level': DJANGO_LOG_LEVEL,
                'propagate': False,
            },
        }
    }

With IAM roles for Amazon ECS tasks, you can specify an IAM role that the containers in a task can use to access AWS resources.
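
A preflight check for the task-role approach in the answer above, added here as an example and not part of the original question or answer. It tests whether a role's trust policy lets ECS tasks assume it and which credential source the AWS SDK would pick inside a container; the function names are hypothetical, and the sample policies and environments are constructed placeholders.

```python
# Link-local address where the ECS agent serves task-role credentials to containers.
ECS_CREDENTIALS_HOST = "http://169.254.170.2"
ECS_TASKS_PRINCIPAL = "ecs-tasks.amazonaws.com"


def ecs_can_assume(trust_policy):
    """True if the role's trust policy lets ECS tasks call sts:AssumeRole."""
    statements = trust_policy.get("Statement", [])
    for stmt in [statements] if isinstance(statements, dict) else statements:
        principal = stmt.get("Principal")
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        actions = stmt.get("Action", [])
        # IAM accepts either a single string or a list in these fields.
        services = [services] if isinstance(services, str) else services
        actions = [actions] if isinstance(actions, str) else actions
        if (stmt.get("Effect") == "Allow" and ECS_TASKS_PRINCIPAL in services
                and "sts:AssumeRole" in actions):
            return True
    return False


def credential_source(env):
    """Name the source the AWS SDK would pick, given a container's environment."""
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "static-keys"  # checked first, so long-lived keys shadow the task role
    relative_uri = env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
    if relative_uri:
        return "task-role " + ECS_CREDENTIALS_HOST + relative_uri
    return "none"


# Constructed sample inputs (placeholders, not values from the question).
EC2_ONLY_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}
TASK_ROLE_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": ["ecs-tasks.amazonaws.com"]},
     "Action": "sts:AssumeRole"}]}
TASK_ENV = {"AWS_DEFAULT_REGION": "ap-northeast-1",
            "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": "/v2/credentials/EXAMPLE-ID"}
BAKED_ENV = dict(TASK_ENV, AWS_ACCESS_KEY_ID="EXAMPLEKEYID",
                 AWS_SECRET_ACCESS_KEY="example-secret")

if __name__ == "__main__":
    print("EC2-only role usable by tasks:", ecs_can_assume(EC2_ONLY_TRUST))
    print("Task role usable by tasks:", ecs_can_assume(TASK_ROLE_TRUST))
    print("Task env:", credential_source(TASK_ENV))
    print("Env with baked keys:", credential_source(BAKED_ENV))
```

With a task role attached, no access keys need to be copied into the image or written to a config file, and the credentials the SDK receives are short-lived and rotated by ECS.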