Obtain credentials to an ECS with IAM role

Trying to test a way to obtain creds for an ECS task without hard-coded creds by using an IAM role.

Created a dummy Python app that retrieves the secret and returns it, example:

{
username: "x",
password: "x",
engine: "postgres",
host: "x",
port: 5432,
dbInstanceIdentifier: "x"
}

Dockerfile (asked to be added)

FROM python:3.8-slim-buster
WORKDIR /app
COPY requirements.txt requirements.txt
RUN pip3 install -r requirements.txt
COPY app2.py .
RUN chmod +x /app/app2.py
CMD [ "python3", "/app/app2.py"]

Error I get:

Each task fails instantly. When I SSH into the task's EC2 instance and check the container logs:

standard_init_linux.go:211: exec user process caused "exec format error"

Created a task definition and used the correct Task role

Task role
devops-TestRole

IAM role (AWS Service: ecs-tasks):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

And

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:secretsmanager:x:x:secret:x",
                "arn:aws:kms:x:x:key/x"
            ]
        }
    ]
}

THANKS !!

Found a solution.

As mentioned here (Link), it can be caused by different chips (using arm64 M1).

Used

docker build --platform linux/amd64 -t devops-tests .

And it fixed it!
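
An added example, not the asker's app2.py (which the page does not show): one way a Python app in the task can fetch the secret through the task role instead of hard-coded keys, validate the shape shown in the question, and avoid logging the password. `load_db_secret`, `redacted`, `FakeSecretsClient` and the `DB_SECRET_ID` variable are hypothetical names, and the sample secret is constructed.

```python
import json
import os

# Keys taken from the example secret shown in the question
REQUIRED_KEYS = ("username", "password", "engine", "host", "port", "dbInstanceIdentifier")


class FakeSecretsClient:
    """Constructed stand-in for boto3's Secrets Manager client, for offline runs."""

    def __init__(self, response):
        self._response = response

    def get_secret_value(self, SecretId):
        return dict(self._response, Name=SecretId)


def load_db_secret(secret_id, client=None):
    """Fetch and validate the DB secret with whatever credentials boto3 resolves.

    Inside an ECS task, boto3 obtains the task role's temporary credentials
    from the container credentials endpoint, so no keys are passed here.
    """
    if client is None:
        import boto3  # imported lazily so the offline demo needs no AWS SDK
        client = boto3.client("secretsmanager")
    resp = client.get_secret_value(SecretId=secret_id)
    raw = resp.get("SecretString")
    if raw is None:  # secret was stored as binary rather than text
        raw = resp["SecretBinary"].decode("utf-8")
    secret = json.loads(raw)
    missing = [k for k in REQUIRED_KEYS if k not in secret]
    if missing:
        raise ValueError(f"secret {secret_id!r} is missing keys: {missing}")
    return secret


def redacted(secret):
    """Copy of the secret that is safe to log: the password is masked."""
    return {k: ("***" if k == "password" else v) for k, v in secret.items()}


if __name__ == "__main__":
    sample = {"username": "x", "password": "x", "engine": "postgres",
              "host": "x", "port": 5432, "dbInstanceIdentifier": "x"}  # constructed
    fake = FakeSecretsClient({"SecretString": json.dumps(sample)})
    # DB_SECRET_ID is a hypothetical environment variable name
    secret = load_db_secret(os.environ.get("DB_SECRET_ID", "demo/secret"), client=fake)
    print(redacted(secret))
```

With `client` left as `None` inside the task, the call needs the `secretsmanager:GetSecretValue` and `kms:Decrypt` permissions from the second policy above.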
