-1

Limitations:

  • I don't want to include my aws config file in docker container
  • I want it to work both on prod and development environment.

Things I tried:

  • I used IAM roles but this works only on prod not on development environment.
  • I used the AWS config file, but it works on the host, not in the Docker container. And I don't want to copy it to the container.

Any advice on best practices about how to do that?

Update: To clarify the question: My problem is to find a common way to provide AWS credentials to both the development environment and production, both using Docker. By "I used IAM roles but this works only on prod" I meant I used taskRoleArn in the CloudFormation task definition, but this only affects prod, not the development environment. So I need to set credentials another way (like the AWS config file) in the development environment.

Emre Bayram
  • Are you using ECS? Also what does it mean that "this works only on prod not on development environment"? – Marcin Aug 13 '20 at 11:15
  • What's the specific problem you're encountering? Getting correct credentials into the container? Network connectivity? Something else? – David Maze Aug 13 '20 at 11:15
  • What issue did you have with IAM roles in development? – Rodrigo Murillo Aug 13 '20 at 11:19
  • My problem was to find a common way to provide AWS credentials to both the development environment and production, both using Docker. By "I used IAM roles but this works only on prod" I meant I used taskRoleArn in the CloudFormation task definition, but this only affects prod, not the development environment. So I need to set credentials another way (like the AWS config file) in the development environment. – Emre Bayram Aug 13 '20 at 13:48

3 Answers

0

The best practice for interactions with AWS services is to always use IAM roles where you can, especially where production-based environments are used.

If you want to emulate how this works in an on-premise situation (such as in development), you use environment variables combined with an IAM user's credentials.

The official SDK/CLI will look for the officially named environment variables, therefore your code will not need to be modified to work differently in every environment.

As I mentioned above I would highly suggest using IAM roles in your production environment.

Chris Williams
0

IAM roles are the easiest way to give your container the permissions it needs. It works in any environment. This is the best practice for sure.

Rodrigo Murillo
0

For anyone interested I solved my problem by following instructions here about testing IAM roles: https://aws.amazon.com/blogs/compute/a-guide-to-locally-testing-containers-with-amazon-ecs-local-endpoints-and-docker-compose/ See the section related to "ECS Local Container Endpoints"

Emre Bayram
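An added example, not taken from any answer above or from AWS tooling: a startup check that reports which credential source a container would pick up, covering the environment-variable approach from the first answer and the task role / ECS local endpoint approach from the last. The function name `credential_source`, the simplified precedence order (the exact chain differs per SDK) and the sample values are assumptions; only variable names are reported, never values.

```python
import os

# Variable names read by the official AWS SDKs and CLI.
STATIC_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")
CONTAINER_URIS = ("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",
                  "AWS_CONTAINER_CREDENTIALS_FULL_URI")

# Constructed sample environments; values are placeholders, not real credentials.
DEV_KEYS = {"AWS_ACCESS_KEY_ID": "AKIAEXAMPLEEXAMPLE00",
            "AWS_SECRET_ACCESS_KEY": "constructed-secret", "HOME": "/nonexistent"}
ECS_TASK = {"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": "/constructed/creds",
            "HOME": "/nonexistent"}


def credential_source(env, file_exists=os.path.isfile):
    """Return (source, warnings) for the credentials an SDK would likely use.

    Simplified precedence (assumption): static env keys, then the shared
    credentials file, then the container credential endpoint.
    """
    warnings = []
    have = [k for k in STATIC_KEYS if env.get(k)]
    container = [k for k in CONTAINER_URIS if env.get(k)]
    cred_file = env.get("AWS_SHARED_CREDENTIALS_FILE") or os.path.join(
        env.get("HOME", "/root"), ".aws", "credentials")

    if len(have) == 1:
        warnings.append(f"{have[0]} is set without its partner key")
    if len(have) == 2:
        if container:
            warnings.append("static keys take precedence over the task role endpoint")
        if not env.get("AWS_SESSION_TOKEN"):
            warnings.append("long-lived IAM user keys in use; keep them out of prod")
        return "environment", warnings
    if file_exists(cred_file):
        warnings.append("a credentials file is present inside the container")
        return "shared-credentials-file", warnings
    if container:
        return "container-endpoint", warnings
    return "none-or-instance-metadata", warnings


if __name__ == "__main__":
    source, notes = credential_source(os.environ)
    print("credential source:", source)
    for note in notes:
        print("warning:", note)
```

Run it as the container's first step in both environments: production should report `container-endpoint` with no warnings, and any other result there means keys or a config file leaked into the image or task definition.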