EDIT (3 June 2018): There are security concerns with following this approach. Check out this great article on why.
When I'm building with ECS, I'm more often than not building a worker that interacts with other AWS services. I need my AWS Access Key ID and my AWS Secret Access Key for it to work locally.
Nobody wants hard-coded credentials pushed to version control, nor do you want to dig them up every time you need to develop locally.
Set up your AWS credentials per the official docs. The highlights taken from this page are as follows:
Set credentials in the AWS credentials profile file on your local system, located at:
~/.aws/credentials on Linux, OS X, or Unix
C:\Users\USERNAME\.aws\credentials on Windows
This file should contain lines in the following format:
[default]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key
Substitute your own values for your_access_key_id and your_secret_access_key.
Or set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
To set these variables on Linux, OS X, or Unix, use export:
export AWS_ACCESS_KEY_ID=your_access_key_id
export AWS_SECRET_ACCESS_KEY=your_secret_access_key
To set these variables on Windows, use set:
set AWS_ACCESS_KEY_ID=your_access_key_id
set AWS_SECRET_ACCESS_KEY=your_secret_access_key
Running aws help, we see there is a --profile parameter.
Leveraging this, we can write a shell script to get our credentials into our Docker container.
# Read the keys from the local "default" profile
AWS_ACCESS_KEY_ID=$(aws --profile default configure get aws_access_key_id)
AWS_SECRET_ACCESS_KEY=$(aws --profile default configure get aws_secret_access_key)
# Build the image, then run it with the keys injected as environment variables
docker build -t my_app .
docker run -it --rm \
  -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
  -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
  my_app
Now we can run locally, push to version control and not worry about our credentials being exposed in version control. Plus, you can build and run your Docker container with one command now, woohoo.
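The script above hands the values to docker even when a lookup comes back empty, and it places the secret on the docker command line. The following is an added example, not code from the original post: it parses the credentials file format shown earlier, refuses to continue when a key is missing, and uses the name-only form of -e so docker copies the variables from the shell's environment. The function names, the sample file and its values are constructed for illustration, and it reads the file directly instead of calling the aws CLI.

```shell
#!/bin/sh
# Added example: function names and sample values are hypothetical.

# get_cred FILE PROFILE KEY: print the value; exit 1 if absent or empty.
get_cred() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); in_sec = ($0 == want); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                # Split on the first "=" only, so "=" inside a value survives
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)
                found = 1; exit
            }
        }
        END { if (found && v != "") print v; else exit 1 }
    ' "$1"
}

# load_profile FILE PROFILE: export both keys, or return 1 and export nothing new.
load_profile() {
    _id=$(get_cred "$1" "$2" aws_access_key_id) || return 1
    _secret=$(get_cred "$1" "$2" aws_secret_access_key) || return 1
    export AWS_ACCESS_KEY_ID="$_id" AWS_SECRET_ACCESS_KEY="$_secret"
}

# run_app FILE PROFILE IMAGE: "-e NAME" with no value makes docker copy the
# variable from this shell's environment, so the secret is not in argv.
run_app() {
    load_profile "$1" "$2" || { echo "profile [$2] incomplete in $1" >&2; return 1; }
    docker run -it --rm -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY "$3"
}

# Constructed sample file: the "broken" profile has no secret key.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[default]
aws_access_key_id = CONSTRUCTED_KEY_ID
aws_secret_access_key = constructed/secret+value==
[broken]
aws_access_key_id = CONSTRUCTED_KEY_ID_2
EOF

load_profile "$SAMPLE" default && echo "default: loaded $AWS_ACCESS_KEY_ID"
load_profile "$SAMPLE" broken || echo "broken: refused, docker would not be started"
```

With a real setup you would call run_app "$HOME/.aws/credentials" default my_app. The values are still present in the container's environment and in docker inspect output for that container.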
-- Cameron Eckelberry