How do I get AWS credentials in the AWS ECS docker container?

First, I use the server environment:

  • server: django + nginx + uwsgi
  • cloud: docker + AWS ECS
  • logging: AWS CloudWatch log service + watchtower third party app

I am using the watchtower third party app for the AWS CloudWatch log service.
So, I need to give AWS credential information to the docker container.

    When testing locally, docker run -v $HOME/.aws:/root/.aws --rm -it -p 8080:80 image_name will connect the local credentials to the volume.

    But I don’t know how to apply it in AWS ECS.

    http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html

    I am following the above article, and I have written the .aws/ecs.config file by following the above article.

    AWS_DEFAULT_REGION=ap-northeast-1
    AWS_ACCESS_KEY_ID=bbbbbbbbb
    AWS_SECRET_ACCESS_KEY=aaaaaaaaaaaa
    

    I added a command to the Dockerfile like below.

    COPY        .aws/ecs.config             /etc/ecs/ecs.config
    

    However, an internal server error occurs when accessing ECS.

    I have also tried to assign an “IAM role” to the container when “Task define”.
    Even if you create “CloudWatchLogsFullAccess IAM role”, nothing appears on the “Task define” creation screen role drop down.

    If you have any other way, please help me.

    Thank you.

    Here is my logging setting. In local tests, logging works normally.

    LOGGING = {
        'version': 1,
        'disable_existing_loggers': False,
        'formatters': {
            'verbose': {
                'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
            },
            'simple': {
                'format': '%(levelname)s %(message)s'
            },
        },
        'handlers': {
            'watchtower': {
                'level': 'DEBUG',
                'class': 'watchtower.CloudWatchLogHandler',
                'formatter': 'verbose',
            },
            'console': {
                'level': 'INFO',
                'class': 'logging.StreamHandler',
            },
        },
        'loggers': {
            'django': {
                'handlers': ['watchtower', 'console'],
                'level': 'INFO',
                'propagate': True,
            },
            'django.user': {
                'handlers': ['watchtower'],
                'level': DJANGO_LOG_LEVEL,
                'propagate': False,
            },
            'django.partner': {
                'handlers': ['watchtower'],
                'level': DJANGO_LOG_LEVEL,
                'propagate': False,
            },
        }
    }
    

One solution collected from the web for “How do I get AWS credentials in the AWS ECS docker container?”

    With IAM roles for Amazon ECS tasks, you can specify an IAM role that can be used by the containers in a task to access AWS resources.
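
An added example, not from the original question or answer: a small Python check that a task definition names an IAM task role whose trust policy lets ecs-tasks.amazonaws.com assume it, and that no static AWS keys are passed to the containers as environment variables. The role ARN, account ID, names and key values are constructed placeholders.

```python
# Added example; every ARN, account ID, name and key value is a constructed placeholder.
STATIC_KEY_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
ECS_TASKS_PRINCIPAL = "ecs-tasks.amazonaws.com"


def _as_list(value):
    """IAM policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else ([] if value is None else [value])


def trust_allows_ecs_tasks(trust_policy):
    """True if an Allow statement lets ecs-tasks.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(stmt.get("Action"))
                and ECS_TASKS_PRINCIPAL in services):
            return True
    return False


def lint_task_definition(task_def, trust_policy):
    """Return findings; an empty list means the task relies on its role only."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append("no taskRoleArn: containers get no task-role credentials")
    elif not trust_allows_ecs_tasks(trust_policy):
        findings.append("role trust policy does not allow ecs-tasks.amazonaws.com")
    for container in task_def.get("containerDefinitions", []):
        for env in container.get("environment", []):
            if env.get("name") in STATIC_KEY_VARS:
                findings.append(f"{container.get('name')}: static key in env var {env['name']}")
    return findings

# Constructed sample input.
TRUST_OK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "ecs-tasks.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
TRUST_EC2_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
GOOD_TASK = {"family": "web", "taskRoleArn": "arn:aws:iam::111122223333:role/example-task-role",
             "containerDefinitions": [{"name": "django", "environment": []}]}
BAD_TASK = {"family": "web", "containerDefinitions": [{"name": "django", "environment": [
    {"name": "AWS_ACCESS_KEY_ID", "value": "EXAMPLEKEY"}]}]}

if __name__ == "__main__":
    print(lint_task_definition(BAD_TASK, TRUST_EC2_ONLY))
```

With a task role in place, boto3 (which watchtower uses) obtains temporary credentials from the ECS container credentials endpoint on its own, so no keys need to be copied into the image.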
