将AWS凭证传递到Docker容器的最佳方法是什么? [英] What is the best way to pass AWS credentials to a Docker container?

问题描述

我正在Amazon EC2上运行docker-container.目前，我已将AWS凭证添加到Dockerfile中.您能告诉我最好的方法吗?

解决方案

最好的方法是使用IAM角色并且完全不处理凭据.(请参见 http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html )

可以从 http://169.254.169.254 .... 检索凭据.由于这是一个专用ip地址，因此只能从EC2实例访问.

所有现代AWS客户端库都知道"如何从那里获取，刷新和使用凭证.因此，在大多数情况下，您甚至不需要了解它.只需以正确的IAM角色运行ec2，一切就好了.

作为一种选择，您可以在运行时将它们作为环境变量传递(即 docker run -e AWS_ACCESS_KEY_ID = xyz -e AWS_SECRET_ACCESS_KEY = aaa myimage )

您可以通过在终端上运行printenv来访问这些环境变量.

I am running docker-container on Amazon EC2. Currently I have added AWS Credentials to Dockerfile. Could you please let me know the best way to do this?

解决方案

The best way is to use IAM Role and do not deal with credentials at all. (see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html )

Credentials could be retrieved from http://169.254.169.254..... Since this is a private ip address, it could be accessible only from EC2 instances.

All modern AWS client libraries "know" how to fetch, refresh and use credentials from there. So in most cases you don't even need to know about it. Just run ec2 with correct IAM role and you good to go.

As an option you can pass them at the runtime as environment variables ( i.e docker run -e AWS_ACCESS_KEY_ID=xyz -e AWS_SECRET_ACCESS_KEY=aaa myimage)

You can access these environment variables by running printenv at the terminal.

这篇关于将AWS凭证传递到Docker容器的最佳方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！