[英]Obtain credentials to an ECS with IAM role
trying to test a way to obtain creds to an ECS task without hard-coded creds by using IAM role尝试使用 IAM 角色测试一种无需硬编码凭据即可获取 ECS 任务凭据的方法
created a dummy python app that retrive the secret and returns it,example :创建了一个虚拟的python应用程序来检索秘密并返回它,例如:
{
username: "x",
password: "x",
engine: "postgres",
host: "x",
port: 5432,
dbInstanceIdentifier: "x"
}
Dockerfile (asked to be added) Dockerfile(要求添加)
FROM python:3.8-slim-buster
WORKDIR /app
COPY requirements.txt requirements.txt
RUN pip3 install -r requirements.txt
COPY app2.py .
RUN chmod +x /app/app2.py
CMD [ "python3", "/app/app2.py"]
ERROR i get :我得到的错误:
each task fails instantly,when i ssh the task ec2 and logs the container :每个任务都会立即失败,当我 ssh 任务 ec2 并记录容器时:
standard_init_linux.go:211: exec user process caused "exec format error"
Created a task definition and used the correct Task role创建任务定义并使用正确的任务角色
Task role
devops-TestRole
IAM role (AWS Service: ecs-tasks): IAM 角色(AWS 服务:ecs-tasks):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
And和
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
"kms:Decrypt"
],
"Resource": [
"arn:aws:secretsmanager:x:x:secret:x",
"arn:aws:kms:x:x:key/x"
]
}
]
}
THANKS !!谢谢 !!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.