
My Dockerfile looks like:

```dockerfile
FROM python:3.9
RUN mkdir /app
COPY aws_spot_connect_test.py /app/aws_spot_connect.py
COPY requirements.txt /app/requirements.txt
WORKDIR /app
RUN pip install -r requirements.txt
ENTRYPOINT ["sleep","1800"]
```

I want to perform actions on my AWS account, but with a role. I don't want to enter ACCESS_KEY and SECRET into my container since it's not secure.

I run the container with `docker run -it --entrypoint /bin/bash adi20022023:v2`

I wanted to manually perform the actions I should do in the script.

I created a role which has a trust relationship to itself. I set it as an env param: `export ROLE_ARN=xxxxx`

But when I try `aws sts get-caller-identity` or try to assume the role, I can't because of `Unable to locate credentials`.

What can I do in order to perform AWS actions without entering my ACCESS_KEY and SECRET_ACCESS_KEY?

  • Running locally? Provide access keys. Running on e.g. AWS EC2? Credentials should already be set if you configured a profile when creating the instance. – luk2302 Feb 20 '23 at 12:05
  • For now I am running it locally, but I want it to be on ECR later. I don't want to insert my access_key and secret_access_key into the container; from what I know it is not recommended. – Adi Israel Feb 20 '23 at 12:10
  • Does this answer your question? [What is the best way to pass AWS credentials to a Docker container?](https://stackoverflow.com/questions/36354423/what-is-the-best-way-to-pass-aws-credentials-to-a-docker-container) – luk2302 Feb 20 '23 at 12:11
  • All of those ways combine volumes or accessKey and secretAccessKey. I was thinking that I can use just a role, and let it assumeRole to itself and then assumeRole to another role with the temporary credentials I got from the first role. – Adi Israel Feb 20 '23 at 12:19
  • No, you cannot just use a role; a role is not something you can authenticate with. You can write a wrapper that takes the role and your credentials, assumes the role and passes the resulting credentials to the container / env. – luk2302 Feb 20 '23 at 15:03

0 Answers
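The wrapper approach described in the last comment, as an added example that is not part of the original thread: it runs on the host, where credentials already exist, calls STS AssumeRole, and hands only the temporary credentials to the container. The function names are hypothetical, the image tag and `ROLE_ARN` variable come from the question, and boto3 on the host is an assumption.

```python
import os
import subprocess

# Names the AWS CLI and SDKs read credentials from.
CRED_VARS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN")


def assume_role(role_arn, session_name="docker-wrapper", duration=900):
    """Call STS AssumeRole on the host, using the host's own credentials."""
    import boto3  # imported lazily so the helpers below work without boto3

    resp = boto3.client("sts").assume_role(
        RoleArn=role_arn, RoleSessionName=session_name, DurationSeconds=duration
    )
    return resp["Credentials"]


def container_env(creds, base_env=None):
    """Return the host environment plus the temporary credentials."""
    values = [creds.get(k) for k in ("AccessKeyId", "SecretAccessKey", "SessionToken")]
    if not all(values):
        # Temporary credentials are unusable without the session token.
        raise ValueError("incomplete STS credentials")
    env = dict(os.environ if base_env is None else base_env)
    env.update(zip(CRED_VARS, values))
    return env


def docker_argv(image, entrypoint="/bin/bash"):
    """Build the docker command; `-e NAME` copies NAME from the caller's
    environment, so secret values never appear on the command line."""
    argv = ["docker", "run", "--rm", "-it", "--entrypoint", entrypoint]
    for name in CRED_VARS:
        argv += ["-e", name]
    return argv + [image]


if __name__ == "__main__":
    creds = assume_role(os.environ["ROLE_ARN"])  # ROLE_ARN as set in the question
    subprocess.run(docker_argv("adi20022023:v2"), env=container_env(creds), check=False)
```

The credentials expire after `duration` seconds (900 here), so a container that outlives them has to be started again with fresh ones.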