使用 Boto3 无法在 Fargate 容器中找到凭据
[英]Unable to locate credentials inside fargate container, using Boto3
问题描述
I am trying to create a container that splits files and then uploads them to S3 container.
我正在尝试创建一个拆分文件然后将它们上传到 S3 容器的容器。 The process works as intended, but when trying to send the file to S3 it fails with the error Unable to locate credentials inside fargate container .该过程按预期工作,但在尝试将文件发送到 S3 时失败,并出现错误Unable to locate credentials inside fargate container 。
My dockerfile looks like this:我的 dockerfile 看起来像这样:
FROM python:3.8-slim
RUN apt-get update \
&& apt-get install -y wget \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir /tmp/splitter
RUN pip install --upgrade pip && \
pip install --no-cache-dir requests boto3
RUN wget -O /tmp/init.sh (WHATEVER) \
&& chmod +x /tmp/init.sh
CMD /tmp/init.sh
I have my role set up like the ecsTaskExecutionRole that appears in Amazon's documentation .我的角色设置类似于亚马逊文档中出现的 ecsTaskExecutionRole。
1 个解决方案
解决方案1
3 已采纳 2021-02-01 12:29:16
ecsTaskExecutionRole is not for your container to access S3. ecsTaskExecutionRole不适用于您的容器访问 S3。 It is for ECS itself to be able to, eg pull your docker image from ECR. ECS 本身能够,例如,从 ECR 中提取您的 docker 映像。
For your application permissions in the container, you need a task role , not the task execution role.对于容器中的应用程序权限,您需要一个任务角色,而不是任务执行角色。 It can be confusing because both are named similarly and both have same trust policy.这可能会令人困惑,因为两者的名称相似并且都具有相同的信任策略。
The task role can be specified along task execution role:任务角色可以与任务执行角色一起指定:
The roles can also be set at task definition level:角色也可以在任务定义级别设置:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.