Docker构建过程中的AWS凭证 [英] AWS credentials during Docker build process

问题描述

作为构建Docker容器的过程的一部分，我需要从s3存储桶中提取一些文件，但是尽管现在我将凭据设置为ENV vars，但我仍然得到fatal error: Unable to locate credentials(尽管想知道更好的方法)

As part of the process to build my docker container I need to pull some files from an s3 bucket but I keep getting fatal error: Unable to locate credentials even though for now I am setting the credentials as ENV vars (though would like to know of a better way to do this)

因此，在构建容器时，我会运行

So when building the container I run

docker build -t my-container --build-arg AWS_DEFAULT_REGION="region" --build-arg AWS_ACCESS_KEY="key" --build-arg AWS_SECRET_ACCESS_KEY="key" . --squash

在我的Dockerfile中，我有

And in my Dockerfile I have

ARG AWS_DEFAULT_REGION
ENV AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION

ARG AWS_ACCESS_KEY
ENV AWS_ACCESS_KEY=$AWS_ACCESS_KEY

ARG AWS_SECRET_ACCESS_KEY
ENV AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY

RUN /bin/bash -l -c "aws s3 cp s3://path/to/folder/ /my/folder --recursive"

有人知道我该如何解决(我知道有一个添加配置文件的选项，但这似乎是不必要的额外步骤，因为我应该能够从ENV读取).

Does anyone know how I can solve this (I know there is an option to add a config file but that just seems an unnecessary extra step as I should be able to read from ENV).

推荐答案

环境变量的名称为AWS_ACCESS_KEY_ID vs AWS_ACCESS_KEY

The name of the environment variable is AWS_ACCESS_KEY_ID vs AWS_ACCESS_KEY

您可以查看 amazon doc

AWS CLI支持以下变量

The following variables are supported by the AWS CLI

AWS_ACCESS_KEY_ID – AWS访问密钥.

AWS_ACCESS_KEY_ID – AWS access key.

AWS_SECRET_ACCESS_KEY – AWS密钥.访问和密钥 变量会覆盖存储在凭据和配置文件中的凭据.

AWS_SECRET_ACCESS_KEY – AWS secret key. Access and secret key variables override credentials stored in credential and config files.

AWS_SESSION_TOKEN –会话令牌.会话令牌仅在以下情况下才需要 您正在使用临时安全凭证.

AWS_SESSION_TOKEN – session token. A session token is only required if you are using temporary security credentials.

AWS_DEFAULT_REGION – AWS区域.此变量将覆盖默认值 使用中的配置文件的区域(如果已设置).

AWS_DEFAULT_REGION – AWS region. This variable overrides the default region of the in-use profile, if set.

AWS_DEFAULT_PROFILE –要使用的CLI配置文件的名称.这可以是 存储在凭证或配置文件中的配置文件的名称，或默认为 使用默认配置文件.

AWS_DEFAULT_PROFILE – name of the CLI profile to use. This can be the name of a profile stored in a credential or config file, or default to use the default profile.

AWS_CONFIG_FILE – CLI配置文件的路径.

AWS_CONFIG_FILE – path to a CLI config file.

这篇关于Docker构建过程中的AWS凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！