I have defined my config and credentials inside ~/.aws/
as usual.
In my python script running inside Docker, to get boto3
to detect the credentials I run
docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY my_app_name
Success!
But, in a Makefile (kindly provided by https://gist.github.com/mpneuried/0594963ad38e68917ef189b4e6a269db ), I have the following:
run:
docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY my_app_name
ie the same! However, when executing
make run
python throws
Traceback (most recent call last):
File "myfile.py", line 31, in <module>
from my_module import (
File "myfile.py", line 99, in <module>
auth = AWSV4SignerAuth(credentials=credentials, region=region_name)
File "/usr/local/lib/python3.9/site-packages/opensearchpy/helpers/signer.py", line 55, in __init__
raise ValueError("Credentials cannot be empty")
ValueError: Credentials cannot be empty
make: *** [run] Error 1
Why?
How do I fix it?
I don't like it, and I would love to hear of a better way, but I ended up doing the following.
In the Makefile,
export AWS_ACCESS_KEY_ID=$(shell aws configure get aws_access_key_id --profile default)
export AWS_SECRET_ACCESS_KEY=$(shell aws configure get aws_secret_access_key --profile default)
run:
#aws configure list # potentially useful
#aws sts get-caller-identity # potentially useful
docker run --platform linux/amd64 -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -i -t --rm --name= my_app_name $(APP_NAME)
Notes:
I tried to use .ONESHELL
etc. but in vain.
I tried to use &&
etc. but also in vain.
I didn't want to use a volume mount for the reasons given in the comments. I also didn't want the variables exported to all my other shells so I defined them solely within the Makefile (and hoped for the best :\ ).
I was right that the keys are automatically picked up on the deployed AWS side.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.