bash docker - 尽管存在,但在容器中找不到 aws 凭据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31073863/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
docker - cannot find aws credentials in container although they exist
提问by hyprstack
Running the following docker command on macworks and on linux, running ubuntucannot find the aws clicredentials. It returns the following message: Unable to locate credentials
Completed 1 part(s) with ... file(s) remaining
在macworks 和 on 上运行以下 docker 命令linux,runningubuntu找不到aws cli凭据。它返回以下消息:Unable to locate credentials
Completed 1 part(s) with ... file(s) remaining
The command which runs an image and mounts a data volume and then copies a file from and s3 bucket, and starts the bash shell in the docker container.
该命令运行映像并挂载数据卷,然后从 s3 存储桶复制文件,并在 docker 容器中启动 bash shell。
sudo docker run -it --rm -v ~/.aws:/root/.aws username/docker-image sh -c 'aws s3 cp s3://bucketname/filename.tar.gz /home/emailer && cd /home/emailer && tar zxvf filename.tar.gz && /bin/bash'
sudo docker run -it --rm -v ~/.aws:/root/.aws username/docker-image sh -c 'aws s3 cp s3://bucketname/filename.tar.gz /home/emailer && cd /home/emailer && tar zxvf filename.tar.gz && /bin/bash'
What am I missing here?
我在这里错过了什么?
This is my Dockerfile:
这是我的Dockerfile:
FROM ubuntu:latest
#install node and npm
RUN apt-get update && \
apt-get -y install curl && \
curl -sL https://deb.nodesource.com/setup | sudo bash - && \
apt-get -y install python build-essential nodejs
#install and set-up aws-cli
RUN sudo apt-get -y install \
git \
nano \
unzip && \
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" && \
unzip awscli-bundle.zip
RUN sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
# Provides cached layer for node_modules
ADD package.json /tmp/package.json
RUN cd /tmp && npm install
RUN mkdir -p /home/emailer && cp -a /tmp/node_modules /home/emailer/
采纳答案by devfubar
what do you see if you run
如果你跑,你会看到什么
ls -l ~/.aws/config
within your docker instance?
在您的 docker 实例中?
回答by juicedatom
There are a few things that could be wrong. One, as mentioned previously you should check if your ~/.aws/config file is set accordingly. If not, you can follow this linkto set it up. Once you have done that you can map the ~/.awsfolder using the -vflag on docker run.
有几件事可能是错误的。一,如前所述,您应该检查您的 ~/.aws/config 文件是否相应设置。如果没有,您可以按照此链接进行设置。完成后,您可以~/.aws使用 上的-v标志映射文件夹docker run。
If your ~/.awsfolder is mapped correctly, make sure to check the permissions on the files under ~/.aws so that they are able to be accessed safely by whatever process is trying to access them. If you are running as the user process, simply running chmod 444 ~/.aws/*should do the trick. This will give full read permissions to the file. Of course, if you want write permissions you can add whatever other modifiers you need. Just make sure the read octal is flipped for your corresponding user and/or group.
如果您的~/.aws文件夹映射正确,请确保检查 ~/.aws 下文件的权限,以便任何试图访问它们的进程都能安全地访问它们。如果您作为用户进程运行,只需运行即可chmod 444 ~/.aws/*。这将授予对文件的完全读取权限。当然,如果您想要写权限,您可以添加您需要的任何其他修饰符。只需确保为您的相应用户和/或组翻转读取的八进制。
回答by Bastian Venthur
Mounting $HOME/.aws/into the container should work. Make sure to mount it as read-only.
安装$HOME/.aws/到容器中应该可以工作。确保将其安装为只读。
It is also worth mentioning, if you have several profilesin your ~/.aws/config-- you must also provide the AWS_PROFILE=somethingsomethingenvironment variable. E.g. via docker run -e AWS_PROFILE=xxx ...otherwise you'll get the same error message (unable to locate credentials).
还值得一提的是,如果您有多个配置文件,您~/.aws/config还必须提供AWS_PROFILE=somethingsomething环境变量。例如通过docker run -e AWS_PROFILE=xxx ...否则您将收到相同的错误消息(无法找到凭据)。
回答by Tony Lee
You can use environment variable instead of copying ~/.aws/credentials and config file into container for aws-cli
您可以使用环境变量而不是将 ~/.aws/credentials 和配置文件复制到 aws-cli 的容器中
docker run \
-e AWS_ACCESS_KEY_ID=AXXXXXXXXXXXXE \
-e AWS_SECRET_ACCESS_KEY=wXXXXXXXXXXXXY \
-e AWS_DEFAULT_REGION=us-west-2 \
<img>
docker run \
-e AWS_ACCESS_KEY_ID=AXXXXXXXXXXXXE \
-e AWS_SECRET_ACCESS_KEY=wXXXXXXXXXXXXY \
-e AWS_DEFAULT_REGION=us-west-2 \
<img>
Ref: AWS CLI Doc
参考:AWS CLI 文档
