How do I pass AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to docker run within a Makefile?

Question

I have defined my config and credentials inside ~/.aws/ as usual.

In my python script running inside Docker, to get boto3 to detect the credentials I run

docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY my_app_name

Success!

But, in a Makefile (kindly provided by https://gist.github.com/mpneuried/0594963ad38e68917ef189b4e6a269db ), I have the following:

run:
    docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY my_app_name

ie the same! However, when executing

make run

python throws

Traceback (most recent call last):
  File "myfile.py", line 31, in <module>
    from my_module import (
  File "myfile.py", line 99, in <module>
    auth = AWSV4SignerAuth(credentials=credentials, region=region_name)
  File "/usr/local/lib/python3.9/site-packages/opensearchpy/helpers/signer.py", line 55, in __init__
    raise ValueError("Credentials cannot be empty")
ValueError: Credentials cannot be empty
make: *** [run] Error 1

Why?

How do I fix it?

Answer 1

I don't like it, and I would love to hear of a better way, but I ended up doing the following.

In the Makefile,

export AWS_ACCESS_KEY_ID=$(shell aws configure get aws_access_key_id --profile default)
export AWS_SECRET_ACCESS_KEY=$(shell aws configure get aws_secret_access_key --profile default)

run:
    #aws configure list # potentially useful
    #aws sts get-caller-identity # potentially useful
    docker run --platform linux/amd64 -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -i -t --rm --name= my_app_name $(APP_NAME)

Notes:

1. I tried to use .ONESHELL etc. but in vain.

2. I tried to use && etc. but also in vain.

3. I didn't want to use a volume mount for the reasons given in the comments. I also didn't want the variables exported to all my other shells so I defined them solely within the Makefile (and hoped for the best :\ ).

4. I was right that the keys are automatically picked up on the deployed AWS side.