I am developing an API using Python and utilizing boto3 for AWS operations. I intend to pass the AWS credentials into the Docker CI build so that boto3 can access them.

However, when running the GitHub Action CI build, boto3 is unable to assume the AWS credentials and raises this error:

```
Boto3 Error: botocore.exceptions.NoCredentialsError: Unable to locate credentials
```

Here is the GitHub Action:

```yaml
name: Continuous Integration
on:
  push:
    branches: [ '*' ]
  pull_request:
    branches: [ '*' ]
  workflow_dispatch:
jobs:
  build:
    name: Continuous Integration Build
    runs-on: ubuntu-latest

    steps:
      - name: Check Out Repository
        uses: actions/checkout@v3

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1

      - name: Setup Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2

      - name: Cache Register
        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ hashFiles('**/Dockerfile') }}

      - name: Build Docker Image
        uses: docker/build-push-action@v4
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'eu-west-1'
        with:
          context: ./
          file: ./Dockerfile
          target: testing
          builder: ${{ steps.buildx.outputs.name }}
          load: true
          cache-from: type=gha,src=/tmp/.buildx-cache
          cache-to: type=gha,dest=/tmp/.buildx-cache
          build-args: |
            AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
            AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
```

Here is the docker-compose.yml:

```yaml
version: "3.4"
services:
  my-api:
    build:
      context: ./
      dockerfile: Dockerfile
      target: development
    environment:
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
    ports:
      - "9090:9090"
```

And finally here is the piece of code that boto3 fails on:

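```python
import boto3

# Assumed value: the region configured in the workflow above (aws-region: eu-west-1)
region_name = "eu-west-1"


def boto_login():
    # Create a Secrets Manager client
    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )
```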

Possible help [here](https://stackoverflow.com/questions/58643905/how-aws-credentials-works-at-github-actions). – jarmod Apr 24 '23 at 22:43
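
As an added example (not part of the original question), this check can run inside the container before `boto_login()` to report whether the environment variables boto3 reads for credentials are missing, empty or set, without ever printing their values. The function names and the sample environments are constructed for illustration.

```python
import os

# Environment variables boto3 reads for static credentials.
# AWS_SESSION_TOKEN is only needed for temporary credentials.
REQUIRED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")
OPTIONAL = ("AWS_SESSION_TOKEN",)


def credential_env_status(environ=os.environ):
    """Return {name: 'missing' | 'empty' | 'set'}; values are never exposed."""
    status = {}
    for name in REQUIRED + OPTIONAL:
        value = environ.get(name)
        if value is None:
            status[name] = "missing"
        elif not value.strip():
            # Typical when docker-compose substitutes ${VAR} from a host
            # variable that is not set: the name exists, the value is "".
            status[name] = "empty"
        else:
            status[name] = "set"
    return status


def credential_env_problems(environ=os.environ):
    """List problems with the required pair; an empty list means both are set."""
    status = credential_env_status(environ)
    return [f"{name} is {status[name]}" for name in REQUIRED if status[name] != "set"]


if __name__ == "__main__":
    # Constructed sample environments (placeholder values, not real keys).
    samples = {
        "nothing passed": {},
        "compose with unset host vars": {
            "AWS_ACCESS_KEY_ID": "",
            "AWS_SECRET_ACCESS_KEY": "",
        },
        "only key id passed": {"AWS_ACCESS_KEY_ID": "EXAMPLE-KEY-ID"},
        "pair passed": {
            "AWS_ACCESS_KEY_ID": "EXAMPLE-KEY-ID",
            "AWS_SECRET_ACCESS_KEY": "EXAMPLE-SECRET",
        },
    }
    for label, env in samples.items():
        print(f"{label}: {credential_env_problems(env) or 'credential pair present'}")
```

Calling `credential_env_problems()` with no argument inspects the real process environment, so it can be placed at the top of a test or entrypoint to fail early with a clear message.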
