0

I am running a docker compose network on AWS CodeBuild and I need to pass AWS credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to the docker containers as they need to interact with AWS SSM. What is the best way to get these credentials from CodeBuild and pass them to the docker containers?

Initially, I thought of mounting the credentials directory from CodeBuild as a volume by adding this to each service in the docker-compose.yml file:

volumes:
      - '${HOME}/.aws/credentials:/root/.aws/credentials'

but that did not work, as it seems the ${HOME}/.aws/ folder in the CodeBuild environment did not have any credentials in it.

mohamed
  • 75
  • 11

2 Answers

0

Using Docker secret, you may create your secrets:

docker secret create credentials.cnf credentials.cnf

Define your keys in the credentials.cnf file, and include it in your compose file as below:

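services:
   example:
       image:
       environment:
       secrets:
            # each entry must name a secret defined under the top-level "secrets" key
            - AWS_KEY
            - AWS_SECRET

secrets:
  # top-level "secrets" is a mapping of name -> source, not a list
  AWS_KEY:
    file: credentials.cnf
  AWS_SECRET:
    file: credentials.cnf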

You can view your secrets with docker secret ls.

lORD
  • 17
  • 5
0

In the environment section of the CodeBuild project you have an option to set the environment variable from the value stored in Parameter Store.
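The Parameter Store approach from the answer above, written out as configuration. This is an added example, not part of the original answer; the parameter names and the image name are hypothetical placeholders, and the service name `example` is reused from the earlier compose snippet.

```yaml
# buildspec.yml (added example; parameter names below are placeholders)
version: 0.2
env:
  parameter-store:
    # CodeBuild resolves each Parameter Store name at build start and
    # exports the value as an environment variable for the build commands.
    AWS_ACCESS_KEY_ID: /example/ci/aws-access-key-id
    AWS_SECRET_ACCESS_KEY: /example/ci/aws-secret-access-key
phases:
  build:
    commands:
      - docker-compose up --abort-on-container-exit
---
# docker-compose.yml
services:
  example:
    image: example-image:latest   # placeholder image name
    environment:
      # Name only, no value: Compose copies the variable from the shell
      # that runs docker-compose, so the keys never appear in this file.
      - AWS_ACCESS_KEY_ID
      - AWS_SECRET_ACCESS_KEY
```

The CodeBuild service role needs `ssm:GetParameters` on the referenced parameters, and storing them as SecureString keeps the values encrypted at rest.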