将 AWS 凭证传递给 Docker 容器的最佳方法是什么? [英] What is the best way to pass AWS credentials to a Docker container?

问题描述

我在 Amazon EC2 上运行 docker-container.目前我已将 AWS 凭证添加到 Dockerfile.你能告诉我最好的方法吗?

I am running docker-container on Amazon EC2. Currently I have added AWS Credentials to Dockerfile. Could you please let me know the best way to do this?

推荐答案

最好的方法是使用 IAM 角色，根本不处理凭证.(请参阅 http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html )

The best way is to use IAM Role and do not deal with credentials at all. (see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html )

凭证可以从 http://169.254.169.254..... 检索，因为这是一个私有 IP 地址，它只能从 EC2 实例访问.

Credentials could be retrieved from http://169.254.169.254..... Since this is a private ip address, it could be accessible only from EC2 instances.

所有现代 AWS 客户端库都知道"如何从那里获取、刷新和使用凭证.因此，在大多数情况下，您甚至不需要了解它.只需使用正确的 IAM 角色运行 ec2 即可.

All modern AWS client libraries "know" how to fetch, refresh and use credentials from there. So in most cases you don't even need to know about it. Just run ec2 with correct IAM role and you good to go.

作为一个选项，您可以在运行时将它们作为环境变量传递(即 docker run -e AWS_ACCESS_KEY_ID=xyz -e AWS_SECRET_ACCESS_KEY=aaa myimage)

As an option you can pass them at the runtime as environment variables ( i.e docker run -e AWS_ACCESS_KEY_ID=xyz -e AWS_SECRET_ACCESS_KEY=aaa myimage)

您可以通过在终端运行 printenv 来访问这些环境变量.

You can access these environment variables by running printenv at the terminal.

这篇关于将 AWS 凭证传递给 Docker 容器的最佳方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！