How do I get AWS credentials in the AWS ECS docker container?

First, I use the server environment:

  • sever: django + nginx + uwsgi
  • cloud: docker + AWS ECS
  • logging: AWS CloudWatch log service + watchtower third party app

I am using the watchtower third party app for the AWS CloudWatch log service.
So, I need to give AWS credential information to the docker container.

  • How to get hostPort mapped inside Docker Container in AWS ECS
  • Build container found dead before completing the build. Build container died because it was out of memory, or the Docker image was missing glibc
  • Nginx Docker build failing on Ubuntu
  • “Invalid configuration for registry” error when executing “eb local run”
  • Docker swarm and published port not available
  • Framework auto-scale container docker on AWS
  • When testing locally, docker run -v $ HOME / .aws: /root/.aws --rm -it -p 8080: 80 image_name will connect the local credentials to the volume.

    But I don’t know how to apply it in AWS ECS.

    http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html

    I am following the above article, and I have written the .aws/ecs.confg file by following above article.

    AWS_DEFAULT_REGION=ap-northeast-1
    AWS_ACCESS_KEY_ID=bbbbbbbbb
    AWS_SECRET_ACCESS_KEY=aaaaaaaaaaaa
    

    I added command to the Dockerfile likes bello.

    COPY        .aws/ecs.config             /etc/ecs/ecs.config
    

    However, internal server error occurs when accessing ECS.

    I have also tried to assign an “IAM role” to the container when “Task define”
    Even if you create “CloudWatchLogsFullAccess IAM role”, nothing appears on the “Task define” creation screen role drop down.

    If you have any other way, please help me.

    Thank you.

    Here is my logging setting. In local tests, logging works normally.

    LOGGING = {
        'version': 1,
        'disable_existing_loggers': False,
        'formatters': {
            'verbose': {
                'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
            },
            'simple': {
                'format': '%(levelname)s %(message)s'
            },
        },
        'handlers': {
            'watchtower': {
                'level': 'DEBUG',
                'class': 'watchtower.CloudWatchLogHandler',
                'formatter': 'verbose',
            },
            'console': {
                'level': 'INFO',
                'class': 'logging.StreamHandler',
            },
        },
        'loggers': {
            'django': {
                'handlers': ['watchtower', 'console'],
                'level': 'INFO',
                'propagate': True,
            },
            'django.user': {
                'handlers': ['watchtower'],
                'level': DJANGO_LOG_LEVEL,
                'propagate': False,
            },
            'django.partner': {
                'handlers': ['watchtower'],
                'level': DJANGO_LOG_LEVEL,
                'propagate': False,
            },
        }
    }
    

  • Does AWS support Kubernetes?
  • Amazon EC2 boot time
  • Docker push to AWS ECR fails on Windows: no basic auth credentials
  • Docker in docker on AWS Elastic Beanstalk
  • Upgrading Docker in Amazon linux AMI to 1.11.1
  • AWS when we have to update task definition
  • One Solution collect form web for “How do I get AWS credentials in the AWS ECS docker container?”

    With IAM roles for Amazon ECS tasks, you can specify an IAM role that can be used by the containers in a task to access AWS resources.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.