How do I get AWS credentials in the AWS ECS docker container?

那年仲夏 submitted on 2019-12-23 09:10:38

Question


First, I use the server environment:

  • server: django + nginx + uwsgi
  • cloud: docker + AWS ECS
  • logging: AWS CloudWatch log service + watchtower third party app

I am using the watchtower third party app for the AWS CloudWatch log service. So, I need to give AWS credential information to the docker container.

When testing locally, docker run -v $HOME/.aws:/root/.aws --rm -it -p 8080:80 image_name will connect the local credentials to the volume.

But I don't know how to apply it in AWS ECS.

http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html

I am following the above article, and I have written the .aws/ecs.config file by following the above article.

AWS_DEFAULT_REGION=ap-northeast-1
AWS_ACCESS_KEY_ID=bbbbbbbbb
AWS_SECRET_ACCESS_KEY=aaaaaaaaaaaa

I added a command to the Dockerfile like below.

COPY        .aws/ecs.config             /etc/ecs/ecs.config

However, an internal server error occurs when accessing ECS.

I have also tried to assign an "IAM role" to the container in "Task define". Even if you create a "CloudWatchLogsFullAccess IAM role", nothing appears in the role drop-down on the "Task define" creation screen.

If you have any other way, please help me.

Thank you.

Here is my logging setting. In local tests, logging works normally.

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'verbose': {
            'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
        },
        'simple': {
            'format': '%(levelname)s %(message)s'
        },
    },
    'handlers': {
        'watchtower': {
            'level': 'DEBUG',
            'class': 'watchtower.CloudWatchLogHandler',
            'formatter': 'verbose',
        },
        'console': {
            'level': 'INFO',
            'class': 'logging.StreamHandler',
        },
    },
    'loggers': {
        'django': {
            'handlers': ['watchtower', 'console'],
            'level': 'INFO',
            'propagate': True,
        },
        'django.user': {
            'handlers': ['watchtower'],
            'level': DJANGO_LOG_LEVEL,
            'propagate': False,
        },
        'django.partner': {
            'handlers': ['watchtower'],
            'level': DJANGO_LOG_LEVEL,
            'propagate': False,
        },
    }
}

Answer 1:


With IAM roles for Amazon ECS tasks, you can specify an IAM role that can be used by the containers in a task to access AWS resources.
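
A way to check the setup this answer points to, as an added example that is not part of the original answer: the task definition must name a task role, that role's trust policy must allow the ecs-tasks.amazonaws.com service principal to assume it, and no static keys should be passed to the container. The task definitions, trust policies, role ARN and function names are constructed for illustration.

```python
# Added example: offline audit of an ECS task definition and its role's trust policy.
# Every ARN, name and value below is a constructed placeholder.
STATIC_KEY_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
ECS_TASKS = "ecs-tasks.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trusts_ecs_tasks(trust_policy):
    """True if an Allow statement lets ecs-tasks.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") == "Allow" and ECS_TASKS in services and "sts:assumerole" in actions:
            return True
    return False

def audit_task(task_def, trust_policy):
    """Return findings about how the task's containers obtain AWS credentials."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append("no taskRoleArn set")
    elif not trusts_ecs_tasks(trust_policy):
        findings.append("task role does not trust " + ECS_TASKS)
    for container in task_def.get("containerDefinitions", []):
        for env in container.get("environment", []):
            if env.get("name") in STATIC_KEY_VARS:
                findings.append(f"{container.get('name')}: static credential in {env['name']}")
    return findings

def _trust(service):
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Principal": {"Service": service}, "Action": "sts:AssumeRole"}]}

EC2_TRUST, ECS_TRUST = _trust("ec2.amazonaws.com"), _trust(ECS_TASKS)
STATIC_KEYS_TASK = {"family": "web", "containerDefinitions": [{
    "name": "django", "image": "image_name", "environment": [
        {"name": "AWS_ACCESS_KEY_ID", "value": "PLACEHOLDER"},
        {"name": "AWS_SECRET_ACCESS_KEY", "value": "PLACEHOLDER"}]}]}
ROLE_TASK = {"family": "web",
    "taskRoleArn": "arn:aws:iam::123456789012:role/example-task-role",
    "containerDefinitions": [{"name": "django", "image": "image_name",
        "environment": [{"name": "AWS_DEFAULT_REGION", "value": "ap-northeast-1"}]}]}
if __name__ == "__main__":
    for label, task, trust in [("static keys", STATIC_KEYS_TASK, ECS_TRUST),
                               ("role, EC2 trust", ROLE_TASK, EC2_TRUST),
                               ("role, ECS trust", ROLE_TASK, ECS_TRUST)]:
        print(label, "->", audit_task(task, trust) or "ok")
```

With a task role attached, boto3 (which watchtower uses) obtains temporary credentials inside the container without any key in the image or environment.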



Source: https://stackoverflow.com/questions/44299786/how-do-i-get-aws-credentials-in-the-aws-ecs-docker-container
