Fetching AWS instance metadata from within Docker container?
Question
Is there a straightforward way to access AWS instance metadata from within a Docker container?
For example, when trying to fetch credentials for an IAM role on an EC2 instance, this would work on the instance itself:
http://169.254.169.254/latest/meta-data/iam/security-credentials/my_role
...but not from within a Docker container running on that EC2 instance.
2 answers
solution1
37 2014-03-14 17:13:42
There should be no difference between doing this in a container vs the host. The container can access EC2 metadata directly.
root@f1e5964e87e4:/# curl http://169.254.169.254/latest/meta-data/iam/security-credentials/myrole
{
"Code" : "Success",
"LastUpdated" : "2014-03-14T17:07:24Z",
"Type" : "AWS-HMAC",
"AccessKeyId" : "mykey",
"SecretAccessKey" : "mysecret",
"Token" : "mytoken",
"Expiration" : "2014-03-14T23:09:39Z"
}
What do you see when you try the command from within the container? has an IAM role assigned?
solution2
0 2020-07-08 16:32:26
As mentioned by @Ben Whaley in comments, below commands worked for me, mentioned in https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html
$gateway = (Get-NetRoute | Where { $_.DestinationPrefix -eq '0.0.0.0/0' } | Sort-Object RouteMetric | Select NextHop).NextHop
$ifIndex = (Get-NetAdapter -InterfaceDescription "Hyper-V Virtual Ethernet*" | Sort-Object | Select ifIndex).ifIndex
New-NetRoute -DestinationPrefix 169.254.169.254/32 -InterfaceIndex $ifIndex -NextHop $gateway
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.