使用Visual Studio 2017运行Docker容器时如何管理AWS凭证 [英] How to manage AWS credentials when running a Docker container with Visual Studio 2017

问题描述

我有一个使用Visual Studio 2017开发的.NET Core 2.0控制台应用程序。launchSettings.json文件设置了一个环境变量，允许它使用开发人员的默认AWS凭证

I have a .NET Core 2.0 console application developed using Visual Studio 2017. The launchSettings.json file sets an environment variable that allows it to use the developer's default AWS credentials

  "environmentVariables": {
    "AWS_PROFILE": "default"
    ...
  }

我现在已经在VS解决方案中添加了Docker支持，并试图在Linux Docker容器中运行该应用程序。当然，它由于以下异常而失败，因为它无法找到配置文件：

I have now added Docker support to the VS solution, and am trying to run the application in a Linux Docker container. Of course it fails with the following exception, as it is unable to find the profile:

Amazon.Runtime.AmazonClientException: Unable to find the 'default' profile in CredentialProfileStoreChain.

在开发环境中将AWS凭证传递给Docker容器的最佳方法是什么？我显然不想将我的凭据作为环境变量放入launchSettings.json中，因为此文件已提交到源代码管理。

What is the best way to pass AWS credentials to the Docker container in a development environment? I obviously don't want to put my credentials as environment variables in launchSettings.json as this file is committed to source control.

编辑

我要寻找一个解决方案，当我在开发人员机器上的Visual Studio 2017中进行调试时，允许我的Docker容器访问开发人员的凭据。发布版本将部署到AWS，并且IAM角色将排除对凭证的需求。凭证位于文件％USERPROFILE％\.aws\凭证中，我正在寻找一种解决方案，该解决方案使我能够在Docker容器内使用它们而无需将它们暴露在其他地方：因此，我不想将它们放置在launchSettings.json或启动Docker容器的任何其他文件中。

Just to be clear, I am looking for a solution that allows my Docker container to access the developer's credentials when debugging in Visual Studio 2017 on the developer's machine. Release builds will be deployed to AWS and an IAM role will preclude the need for credentials. The credentials are in the file %USERPROFILE%\.aws\credentials and I'm looking for a solution that will enable me to use them from within the Docker container without exposing them elsewhere: hence I don't want to put them in launchSettings.json or any other file that launches the Docker container.

我设想的解决方案可能涉及安装Docker容器中的Windows驱动器（或至少目录
％USERPROFILE％\.aws\ ），然后设置环境变量（ AWS_SHARED_CREDENTIALS_FILE ？），以便AWS自动找到凭据文件。

A solution I envisage could involve mounting the Windows drive in the Docker container (or at least the directory %USERPROFILE%\.aws\) then setting an environment variable (AWS_SHARED_CREDENTIALS_FILE ?) in the Docker container so that AWS automagically finds the credentials file.

我不知道该怎么做，

推荐答案

我寻求的解决方案是编辑 docker -Visual Studio Tools for Docker添加的-compose.override.yml 文件，并添加以下行：

The solution I went for was to edit the docker-compose.override.yml file that was added by Visual Studio Tools for Docker, and add the following lines:

version: '3'

services:
  mydockerapp:
    volumes:
      - ${USERPROFILE}/.aws:/root/.aws
    environment:
      - AWS_REGION=(your region)
      - AWS_PROFILE=default

这会将包含AWS凭证的.aws目录安装在Docker中的适当位置容器（ / root 是默认的HOME目录），并设置环境变量以选择配置文件和区域。在Docker中运行时，不使用.NET Core项目中的 launchSettings.json 文件。

This mounts the .aws directory containing AWS credentials in the appropriate place in the Docker container (/root is the default HOME directory), and sets environment variables to select the profile and region. The launchSettings.json file in the .NET Core project is not used when running in Docker.

这篇关于使用Visual Studio 2017运行Docker容器时如何管理AWS凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！