4

I have an EC2 instance. It has a Python snippet to put some data on the S3 bucket. I have attached the S3 full admin role to this EC2 machine and it works fine. Great.

And then I wanted to run the same Python script inside Docker.

So I installed Docker and executed the Python script.

And now I get the error message saying it doesn't have access to S3 resources.

So the problem is, the Docker network and the EC2/host network are different, right?!?

So I googled and found this:

--net host

But how can I set this option and make the docker-in-docker look like it is in the same network as its host?

Where am I supposed to put this --net host part?

Jananath Banuka
  • 2,951
  • 8
  • 57
  • 105
  • https://stackoverflow.com/a/52376444/1190388 – hjpotter92 Jul 24 '20 at 08:30
  • 1
    I don't use `AWS` credentials at all, because the `EC2` instance is already in `AWS`. I have even used terraform like this: spin up an `Ec2` instance, put some `terraform` code in there, and `terraform apply` will execute without any problem since the `Ec2` is already in the same `vpc` and all. – Jananath Banuka Jul 24 '20 at 08:51
  • 2
    Have you tried to access the metadata URL from inside the Docker container? Can you ssh into the Docker container and run `http://169.254.169.254/latest/meta-data/iam/security-credentials/[your role name]`? – Arun Kamalanathan Jul 24 '20 at 10:30
  • 1
    Can you also make sure that the container does not have a `.aws` directory, in case the aws cli is looking for the credentials in the wrong place. You can also pass a `--debug` option to the `aws` cli command, e.g. `aws --debug s3 ls`. It could hint you where the problem is. – Arun Kamalanathan Jul 24 '20 at 10:39
  • 1
    You need to start the docker container in host mode. An example command would be, `docker run --rm -d --network host --name my_nginx nginx` – Jeevagan Jul 25 '20 at 07:21
  • Since I am using `docker-in-docker` I need to add `DOCKER HOST` as well. But this time the host is `didd`, not the actual host. – Jananath Banuka Jul 26 '20 at 07:19

1 Answer

1

Move your Docker application from standalone EC2 to AWS ECS; there you can attach an IAM role to the container, which simplifies the work for you.

Manoj Bhagwat
  • 151
  • 2
  • 14
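As an added example (not code from the question or any answer on this page), the metadata-URL check suggested in the comments, written as a stdlib-only Python script to run inside the container, once with the default network and once with `docker run --network host ...`, to see whether the container can obtain the instance role's credentials from 169.254.169.254. It assumes IMDSv2 is enabled on the instance (the token PUT is the IMDSv2 handshake); the hint strings, the `check`/`classify` helper names and the sample values are this example's own.

```python
import json
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254"  # EC2 instance metadata service
ROLE_PATH = "/latest/meta-data/iam/security-credentials/"
HINTS = {
    "unreachable": "IMDS unreachable: the container is not in the host's network namespace "
                   "(try `docker run --network host ...`; an IMDSv2 hop limit of 1 also "
                   "drops replies to bridge-networked containers)",
    "no_role": "IMDS reachable, but no IAM role is attached to this instance",
    "token_required": "IMDSv2 is enforced and no valid session token was sent",
    "other": "unexpected failure; check AWS_* env vars and a stray ~/.aws in the container",
}

def imds(path, method="GET", headers=None, timeout=2.0):  # stdlib only: no boto3 or aws CLI
    req = urllib.request.Request(IMDS + path, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

def parse_credentials(body):  # the JSON role document IMDS serves under ROLE_PATH/<role>
    doc = json.loads(body)
    if doc.get("Code") != "Success":
        raise ValueError("credential document not successful: %s" % doc.get("Code"))
    return {"key_id": doc["AccessKeyId"], "expires": doc["Expiration"]}

def classify(exc):
    # HTTPError is tested first because it is itself a subclass of OSError.
    if isinstance(exc, urllib.error.HTTPError):
        return {404: "no_role", 401: "token_required"}.get(exc.code, "other")
    if isinstance(exc, OSError):  # URLError, socket.timeout, ConnectionRefusedError
        return "unreachable"
    return "other"

def check():
    # Run inside the container, then again with --network host, and compare the verdicts.
    try:
        token = imds("/latest/api/token", "PUT", {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
        hdr = {"X-aws-ec2-metadata-token": token}
        role = imds(ROLE_PATH, headers=hdr).splitlines()[0]
        creds = parse_credentials(imds(ROLE_PATH + role, headers=hdr))
        return "role %s: key %s expires %s" % (role, creds["key_id"], creds["expires"])
    except Exception as exc:
        return "%s (%r)" % (HINTS[classify(exc)], exc)

# Constructed samples (not real credentials) so the helpers can be exercised offline.
SAMPLE_CREDENTIALS = ('{"Code":"Success","AccessKeyId":"ASIAEXAMPLEKEYID","SecretAccessKey":'
                      '"example-secret","Token":"example-token","Expiration":"2020-07-24T14:00:00Z"}')
SAMPLE_404 = urllib.error.HTTPError(IMDS + ROLE_PATH, 404, "Not Found", None, None)

if __name__ == "__main__": print(check())
```

A timeout on the very first token request is the symptom of the container not sharing the host's network, which is the case `--network host` on the `docker run` command line addresses; note that host networking also hands the container the host's full network namespace, so an ECS task role (as the answer suggests) is the tighter option when it is available.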