获取具有 IAM 角色的 ECS 的凭证

Question

trying to test a way to obtain creds to an ECS task without hard-coded creds by using IAM role

created a dummy python app that retrive the secret and returns it,example :

{
username: "x",
password: "x",
engine: "postgres",
host: "x",
port: 5432,
dbInstanceIdentifier: "x"
}

Dockerfile (asked to be added)

FROM python:3.8-slim-buster
WORKDIR /app
COPY requirements.txt requirements.txt
RUN pip3 install -r requirements.txt
COPY app2.py .
RUN chmod +x /app/app2.py
CMD [ "python3", "/app/app2.py"]

ERROR i get :

each task fails instantly,when i ssh the task ec2 and logs the container :

standard_init_linux.go:211: exec user process caused "exec format error"

Created a task definition and used the correct Task role

Task role
devops-TestRole

IAM role (AWS Service: ecs-tasks):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }

And

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:secretsmanager:x:x:secret:x",
                "arn:aws:kms:x:x:key/x"
            ]
        }
    ]
}

THANKS !!

Answer 1

Found a solution.

As mentioned here Link ,It can be caused due different chips(using arm64-M1)

Used

docker build --platform linux/amd64 -t devops-tests .

And it fixed it !