Docker构建过程中的AWS凭证 [英] AWS credentials during Docker build process
问题描述
作为构建Docker容器的过程的一部分,我需要从s3存储桶中提取一些文件,但是尽管现在我将凭据设置为ENV
vars,但我仍然得到fatal error: Unable to locate credentials
(尽管想知道更好的方法)
As part of the process to build my docker container I need to pull some files from an s3 bucket but I keep getting fatal error: Unable to locate credentials
even though for now I am setting the credentials as ENV
vars (though would like to know of a better way to do this)
因此,在构建容器时,我会运行
So when building the container I run
docker build -t my-container --build-arg AWS_DEFAULT_REGION="region" --build-arg AWS_ACCESS_KEY="key" --build-arg AWS_SECRET_ACCESS_KEY="key" . --squash
在我的Dockerfile中,我有
And in my Dockerfile I have
ARG AWS_DEFAULT_REGION
ENV AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION
ARG AWS_ACCESS_KEY
ENV AWS_ACCESS_KEY=$AWS_ACCESS_KEY
ARG AWS_SECRET_ACCESS_KEY
ENV AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
RUN /bin/bash -l -c "aws s3 cp s3://path/to/folder/ /my/folder --recursive"
有人知道我该如何解决(我知道有一个添加配置文件的选项,但这似乎是不必要的额外步骤,因为我应该能够从ENV读取).
Does anyone know how I can solve this (I know there is an option to add a config file but that just seems an unnecessary extra step as I should be able to read from ENV).
推荐答案
环境变量的名称为AWS_ACCESS_KEY_ID
vs AWS_ACCESS_KEY
The name of the environment variable is AWS_ACCESS_KEY_ID
vs AWS_ACCESS_KEY
您可以查看 amazon doc
AWS CLI支持以下变量
The following variables are supported by the AWS CLI
AWS_ACCESS_KEY_ID
– AWS访问密钥.
AWS_ACCESS_KEY_ID
– AWS access key.
AWS_SECRET_ACCESS_KEY
– AWS密钥.访问和密钥
变量会覆盖存储在凭据和配置文件中的凭据.
AWS_SECRET_ACCESS_KEY
– AWS secret key. Access and secret key
variables override credentials stored in credential and config files.
AWS_SESSION_TOKEN
–会话令牌.会话令牌仅在以下情况下才需要
您正在使用临时安全凭证.
AWS_SESSION_TOKEN
– session token. A session token is only required if
you are using temporary security credentials.
AWS_DEFAULT_REGION
– AWS区域.此变量将覆盖默认值
使用中的配置文件的区域(如果已设置).
AWS_DEFAULT_REGION
– AWS region. This variable overrides the default
region of the in-use profile, if set.
AWS_DEFAULT_PROFILE
–要使用的CLI配置文件的名称.这可以是
存储在凭证或配置文件中的配置文件的名称,或默认为
使用默认配置文件.
AWS_DEFAULT_PROFILE
– name of the CLI profile to use. This can be the
name of a profile stored in a credential or config file, or default to
use the default profile.
AWS_CONFIG_FILE
– CLI配置文件的路径.
AWS_CONFIG_FILE
– path to a CLI config file.
这篇关于Docker构建过程中的AWS凭证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!