
Where do I put `.aws/credentials` for Docker awslogs log-driver (and avoid NoCredentialProviders)?

The Docker awslogs documentation states:

the default AWS shared credentials file (~/.aws/credentials of the root user)

Yet if I copy my AWS credentials file there:

sudo bash -c 'mkdir -p $HOME/.aws; cp .aws/credentials $HOME/.aws/credentials'

... and then try to use the driver:

docker run --log-driver=awslogs --log-opt awslogs-group=neiltest-deleteme --rm hello-world

The result is still the dreaded error:

docker: Error response from daemon: failed to initialize logging driver: failed to create Cloudwatch log stream: NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors.

Where does this file really need to go? Is it because the Docker daemon isn't running as root but rather some other user and, if so, how do I determine that user?

NOTE: I can work around this on systems using systemd by setting environment variables. But this doesn't work on Google CloudShell where the Docker daemon has been started by some other method.

Ah ha: I figured it out and tested this on Debian Linux (on my Chromebook w/ Linux VM and Google CloudShell):

The .aws folder must be in the root folder of the root user, not in the $HOME folder!

Based on that I was able to successfully run the following:

pushd $HOME; sudo bash -c 'mkdir -p /.aws; cp .aws/* /.aws/'; popd
docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group=neiltest-deleteme --rm hello-world

I initially figured this all out by looking at the Docker daemon's process information:

DOCKERD_PID=$(ps -A | grep dockerd | grep -Eo '[0-9]+' | head -n 1)
sudo cat /proc/$DOCKERD_PID/environ

The confusing bit is that Docker's documentation here is wrong:

the default AWS shared credentials file (~/.aws/credentials of the root user)

The true location is /.aws/credentials. I believe this is because the daemon starts before $HOME is actually defined since it's not running as a user process. So starting a shell as root will tell you a different story for tilde or $HOME:

sudo sh -c 'cd ~/; echo $PWD'

That outputs /root but using /root/.aws/credentials does not work!
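
The path that matters is the one implied by the daemon's own environment, which is what the /proc/$DOCKERD_PID/environ check above exposes. As an added example (not part of the original post), the script below derives the credentials path from an environ file and checks that the file is private to its owner. It assumes the AWS SDK's usual resolution order (AWS_SHARED_CREDENTIALS_FILE first, then $HOME/.aws/credentials); the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumption: the SDK honours AWS_SHARED_CREDENTIALS_FILE first and otherwise
# reads $HOME/.aws/credentials, using the daemon's environment, not your shell's.

# env_value FILE NAME: print NAME's value from a NUL-separated environ file.
env_value() {
    tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# creds_path FILE: print the credentials path implied by that environment.
# Returns 1 when neither variable is set, since no path can be derived then.
creds_path() {
    override=$(env_value "$1" AWS_SHARED_CREDENTIALS_FILE)
    if [ -n "$override" ]; then
        printf '%s\n' "$override"
        return 0
    fi
    home=$(env_value "$1" HOME)
    [ -n "$home" ] || return 1
    # Drop one trailing slash so HOME=/ yields /.aws/credentials.
    printf '%s/.aws/credentials\n' "${home%/}"
}

# private_to_owner PATH: succeed only if group and others have no access.
# A copy made with "sudo cp" often ends up 0644, readable by every local user.
private_to_owner() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# report PID: run as root on a live host, e.g. report "$(pgrep -o dockerd)"
report() {
    if path=$(creds_path "/proc/$1/environ"); then
        echo "PID $1 will read: $path"
        if [ ! -e "$path" ]; then
            echo "  file does not exist"
        elif ! private_to_owner "$path"; then
            echo "  readable by group/others; consider chmod 600"
        fi
    else
        echo "PID $1 has neither HOME nor AWS_SHARED_CREDENTIALS_FILE set"
    fi
}

if [ "$#" -eq 1 ]; then report "$1"; fi
```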
