[英]how to get aws credentials from host workstation, inside docker container
I am trying to get my AWS credentials into my Docker container for use on my local (for development).我正在尝试将我的 AWS 凭证放入我的 Docker 容器中,以便在我的本地(用于开发)上使用。 I found this article, https://cameroneckelberry.co/words/getting-aws-credentials-into-a-docker-container-without-hardcoding-it , but I have no idea how to "create an AWS shell script" or what -profile
is.我发现这篇文章https://cameroneckelberry.co/words/getting-aws-credentials-into-a-docker-container-without-hardcoding-it ,但我不知道如何“创建 AWS shell 脚本”或-profile
是什么。 I don't see that on my system.我在我的系统上没有看到。 Yes, I do have AWS CLI installed and also have put my AWS_ACCESS_KEY_ID
and my AWS_SECRET_ACCESS_KEY
into my .env
file.是的,我确实安装了 AWS CLI,并且还把我的AWS_ACCESS_KEY_ID
和我的AWS_SECRET_ACCESS_KEY
放入了我的.env
文件中。 I have also put my credentials into $home/.aws/credentials
as requested, but can't see how that has any affect on the env variables.我还按要求将我的凭据放入$home/.aws/credentials
中,但看不到这对 env 变量有何影响。 From the article:来自文章:
Running $ aws help we see there is a –profile parameter.运行 $aws help 我们看到有一个 --profile 参数。 Leveraging this, we can write a shell script to get our credentials into our Docker container.利用这一点,我们可以编写一个 shell 脚本来获取我们的凭据到我们的 Docker 容器中。
AWS_ACCESS_KEY_ID=$(aws --profile default configure get aws_access_key_id) AWS_SECRET_ACCESS_KEY=$(aws --profile default configure get aws_secret_access_key) AWS_ACCESS_KEY_ID=$(aws --profile default configure get aws_access_key_id) AWS_SECRET_ACCESS_KEY=$(aws --profile default configure get aws_secret_access_key)
docker build -t my_app. docker 构建-t my_app。 docker run -it --rm \ -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \ -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY docker 运行 -it --rm \ -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \ -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
If someone could explain exactly what to do, as if speaking to a child, I would appreciate it.如果有人可以确切地解释该怎么做,就像对孩子说话一样,我将不胜感激。
I think the easiest way would be to do what AWS is doing when they show how to use local containers with AWS services, such as for local AWS Glue .我认为最简单的方法是做 AWS 在展示如何将本地容器与 AWS 服务(例如本地 AWS Glue )一起使用时所做的事情。 Namely they share the ~/.aws/
in read-only mode with the docker container using volume option:即他们使用卷选项与 docker 容器以只读模式共享~/.aws/
:
-v ~/.aws:/root/.aws:ro
Obviously you would have to adjust the paths above to match your local and docker setup.显然,您必须调整上面的路径以匹配您的本地和 docker 设置。 Thus your docker command could be:因此,您的 docker 命令可能是:
docker run -it --rm -v ~/.aws:/root/.aws:ro <name-of-image-to-run>
The other way is to pass the AWS credentials using docker environment variables, which you already are trying.另一种方法是使用您已经在尝试的 docker 环境变量传递 AWS 凭证。
Regarding --profile
.关于--profile
。 Your ~/.aws
can have multiple profiles , eg for different AWS accounts.您的~/.aws
可以有多个配置文件,例如针对不同的 AWS 账户。 Using the --profile
you specify which profile to use.使用--profile
您指定要使用的配置文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.