1. 技术文章
  2. AWS credentials during Docker build process

AWS credentials during Docker build process

孤者浪人 提交于 2019-12-22 03:59:53

问题


As part of the process to build my docker container I need to pull some files from an s3 bucket but I keep getting fatal error: Unable to locate credentials even though for now I am setting the credentials as ENV vars (though would like to know of a better way to do this)

So when building the container I run 

docker build -t my-container --build-arg AWS_DEFAULT_REGION="region" --build-arg AWS_ACCESS_KEY="key" --build-arg AWS_SECRET_ACCESS_KEY="key" . --squash

And in my Dockerfile I have 

ARG AWS_DEFAULT_REGION
ENV AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION

ARG AWS_ACCESS_KEY
ENV AWS_ACCESS_KEY=$AWS_ACCESS_KEY

ARG AWS_SECRET_ACCESS_KEY
ENV AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY

RUN /bin/bash -l -c "aws s3 cp s3://path/to/folder/ /my/folder --recursive"

Does anyone know how I can solve this (I know there is an option to add a config file but that just seems an unnecessary extra step as I should be able to read from ENV).


回答1:


The name of the environment variable is AWS_ACCESS_KEY_ID vs AWS_ACCESS_KEY

You can review the full list from amazon doc

The following variables are supported by the AWS CLI

AWS_ACCESS_KEY_ID – AWS access key.

AWS_SECRET_ACCESS_KEY – AWS secret key. Access and secret key variables override credentials stored in credential and config files.

AWS_SESSION_TOKEN – session token. A session token is only required if you are using temporary security credentials.

AWS_DEFAULT_REGION – AWS region. This variable overrides the default region of the in-use profile, if set.

AWS_DEFAULT_PROFILE – name of the CLI profile to use. This can be the name of a profile stored in a credential or config file, or default to use the default profile.

AWS_CONFIG_FILE – path to a CLI config file.




回答2:


An abuse of the predefined *_PROXY arguments makes credentials data full invisible for the "docker history .." calls :-)

FROM mcr.microsoft.com/windows/servercore:ltsc2019
WORKDIR "C:\zenonSetup"
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

RUN net use X: \\ATSZG-WKS210\zenonSetup $Env:FTP_PROXY /user:$Env:HTTP_PROXY;\
    Start-Process 'X:\SetupPrerequisites\Microsoft Visual C++ 2010 Redistributable\vstor_redist.exe' '/quiet /install' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\Microsoft Visual C++ 2013 Redistributable (x86)\vcredist_x86.exe' '/quiet /install' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\Microsoft Visual C++ 2013 Redistributable (x64)\vcredist_x64.exe' '/quiet /install' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\Microsoft Visual C++ 2017 Redistributable (x86)\vc_redist.x86.exe' '/quiet /install' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\Microsoft Visual C++ 2017 Redistributable (x64)\vc_redist.x64.exe' '/quiet /install' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\Microsoft Visual Studio 2017 Remote Tools\VS_RemoteTools.exe' '/quiet /install' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\CodeMeter Runtime Kit (x64)\CodeMeterRuntime64.exe' '/q' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\VBA\x86\Vba71.msi' '/qn' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\VBA\x86\Vba71_1033.msi' '/qn' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\VBA\x64\Vba71.msi' '/qn' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\VBA\x64\Vba71_1033.msi' '/qn' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\dotnet-runtime-2.1.5-win-x86.exe' '/quiet /install' -PassThru | Wait-Process;\
    Start-Process 'X:\SetupPrerequisites\dotnet-runtime-2.1.5-win-x64.exe' '/quiet /install' -PassThru | Wait-Process;\
    Start-Process 'X:\MSI\commonX86.msi' '/qn' -PassThru | Wait-Process;\
    Start-Process 'X:\MSI\commonX64.msi' '/qn' -PassThru | Wait-Process;\
    Start-Process 'X:\MSI\commonoemX86.msi' '/qn' -PassThru | Wait-Process;\
    Start-Process 'X:\MSI\scadaX86.msi' '/qn CDPROP_TYPE=RT CDPROP_EDITION=SUPERVISOR INSTALLDIR_X86=C:\zenonSetup\32 INSTALLDIR_X64=C:\zenonSetup\64 ADDLOCAL=ALL' -PassThru | Wait-Process;\
    Start-Process 'X:\MSI\scadaX64.msi' '/qn CDPROP_TYPE=RT CDPROP_EDITION=SUPERVISOR INSTALLDIR_X86=C:\zenonSetup\32 INSTALLDIR_X64=C:\zenonSetup\64 ADDLOCAL=ALL' -PassThru | Wait-Process;\
    Start-Process 'regedit' '/s /q X:\RegistryDataDir.reg' -Wait -NoNewWindow;\
    Copy-Item -Path 'X:\settings.ps1' -Destination '.\settings.ps1';\
    Copy-Item -Path 'X:\templates.ps1' -Destination '.\templates.ps1';\
    Copy-Item -Path 'X:\start.bat' -Destination '.\start.bat';\
    Copy-Item -Path 'X:\zenonDataTemplates' -Destination '.\zenonDataTemplates' -Recurse;

ENTRYPOINT ["CMD", "/K", "C:\\zenonSetup\\start.bat"]


来源:https://stackoverflow.com/questions/45233113/aws-credentials-during-docker-build-process

标签
Docker
dockerfile
aws-cli
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!