1

I want to create a docker image with my testing aws credentials. This is my current Dockerfile looks like. What I want to do is copy my .aws folder into container and use that data, without passing them through command line. is it possible? then how can I do that? Thank you. enter image description here

dkz
  • 59
  • 1
  • 3
  • 6
  • since you have ‘COPY . .’ the files should already be there (at /usr/src/app) – Milan Markovic Nov 03 '20 at 21:01
  • @MilanMarkovic I checked it, but only file I can see is Dockerfile – dkz Nov 04 '20 at 04:12
  • you would have to copy the credentials file next to the Docker file yourself, the build can reach only files inside the build folder. but don't do that, hardcoding credentials is considered as bad and usafe practice for many reasons – gusto2 Nov 04 '20 at 07:10
  • 1
    Does this answer your question? [What is the best way to pass AWS credentials to a Docker container?](https://stackoverflow.com/questions/36354423/what-is-the-best-way-to-pass-aws-credentials-to-a-docker-container) – Maks3w Feb 21 '21 at 09:04

2 Answers2

4

I believe its better to let container orchestration services do this in production, but if you want to test your code/app or just want to do it that way, you could do the following:

in the docker-compose.yml file mount the aws credentials folder as a volume:

    volumes:
    - /home/user/.aws:/root/.aws

if using docker only, mount it using the -v flag:

docker run -v /home/user/.aws:/root/.aws
Jhon Parra
  • 41
  • 2
3

What I want to do is copy my .aws folder into container

I would advice not to copy the credential directly to the docker image. If you need to use the aws api, there are better ways to pass the credentials at the run time (regardless using the docker directly, compose or under kubernetes).

  1. You can pass the aws credentials as environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. If using kubernetes, there is great concept of secrets

  2. mount the file .aws/credentials as a mounted volume

Edit (I forgot this one) :

  1. if the pods are running on AWS EKS, you can assign the pod an IAM execution role. That was you don't need to pass any credentials.
gusto2
  • 11,210
  • 2
  • 17
  • 36