-1

I'm trying to run aws sts get-caller-identity in a cronjob, however this results in /bin/sh: 1: aws: not found

    spec:
      containers:
      - command:
        - /bin/sh
        - -c
        - aws sts get-caller-identity
Saige Leslie
  • 1
  • 2
  • 2
    Apparently, aws is not in the path? Have you checked if aws-cli is part of the container image? Have you tried to address the aws binary directly? For me this would be /usr/local/bin/aws. – cvoigt Jan 07 '21 at 22:21
  • Can you update you question with your image specs? That would make the issue to found much easier. – acid_fuji Jan 08 '21 at 10:05
  • try to use "amazon/aws-cli" Docker image – Vasili Angapov Jan 24 '21 at 16:52

2 Answers2

0

As already mentioned in the comments, it seems that the AWS CLI is not installed in the image that your are using for this cronjob. You need to provide more information!

If you are the owner of the used image, just install the AWS CLI within the Dockerfile. If you are not the owner, just create your own image, extend it from the image you are currently using and install the AWS CLI.

For example, if you are using an Alpine based image, just create a Dockerfile

FROM <THE_ORIGINAL_IMAGE>:<TAG>

RUN apk add --no-cache python3 py3-pip && \
  pip3 install --upgrade pip && \
  pip3 install awscli

Then build the image and push it to DockerHub for an example. Now you can use this new image in your CronJob resource.

BUT, the next thing is that your CronJob Pod needs access to execute the AWS STS service. There are multiple possibilities to get this done. The best way is to use IRSA (IAM Roles for Service Accounts) Just check this blog article https://aws.amazon.com/de/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/

If you still need help, just provide more details.

Julian Kleinhans
  • 76
  • 4
0

Step 1:

You need add secrets key to kubernetes secrets:

kubectl create secret generic aws-credd --from-literal=AWS_SECRET_ACCESS_KEY=xxxxxxxxx --from-literal=AWS_ACCESS_KEY_ID=xxxxx

Step 2: copy this to -> cronjob.yaml

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: aws-cli-sync
  labels:
    app: aws-cli-sync
spec:
  schedule: "0 17 * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: aws-cli-sync
            image: mikesir87/aws-cli
            env:
              - name: AWS_ACCESS_KEY_ID
                valueFrom:
                  secretKeyRef:
                    name: aws-cred
                    key: AWS_ACCESS_KEY_ID
              - name: AWS_SECRET_ACCESS_KEY
                valueFrom:
                  secretKeyRef:
                    name: aws-cred
                    key: AWS_SECRET_ACCESS_KEY
            args:
              - /bin/sh
              - -c
              - date;aws s3 sync s3://xxx-backup-prod s3://elk-xxx-backup
          restartPolicy: Never

Step 3: add job in namespaces there you add key

kubectl apply -f ./cronjob.yaml
Robert A
  • 337
  • 4
  • 3