如何从 docker 容器内的主机工作站获取 aws 凭据

Question

I am trying to get my AWS credentials into my Docker container for use on my local (for development). I found this article, https://cameroneckelberry.co/words/getting-aws-credentials-into-a-docker-container-without-hardcoding-it , but I have no idea how to "create an AWS shell script" or what -profile is. I don't see that on my system. Yes, I do have AWS CLI installed and also have put my AWS_ACCESS_KEY_ID and my AWS_SECRET_ACCESS_KEY into my .env file. I have also put my credentials into $home/.aws/credentials as requested, but can't see how that has any affect on the env variables. From the article:

Running $ aws help we see there is a –profile parameter. Leveraging this, we can write a shell script to get our credentials into our Docker container.

AWS_ACCESS_KEY_ID=$(aws --profile default configure get aws_access_key_id) AWS_SECRET_ACCESS_KEY=$(aws --profile default configure get aws_secret_access_key)

docker build -t my_app. docker run -it --rm \ -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \ -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY

If someone could explain exactly what to do, as if speaking to a child, I would appreciate it.

Answer 1

I think the easiest way would be to do what AWS is doing when they show how to use local containers with AWS services, such as for local AWS Glue . Namely they share the ~/.aws/ in read-only mode with the docker container using volume option:

-v ~/.aws:/root/.aws:ro

Obviously you would have to adjust the paths above to match your local and docker setup. Thus your docker command could be:

docker run -it --rm -v ~/.aws:/root/.aws:ro <name-of-image-to-run>

The other way is to pass the AWS credentials using docker environment variables, which you already are trying.

Regarding --profile . Your ~/.aws can have multiple profiles , eg for different AWS accounts. Using the --profile you specify which profile to use.