2

I am using the code below to publish a message to SNS.

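```java
import com.amazonaws.services.sns.AmazonSNS;
import com.amazonaws.services.sns.AmazonSNSClientBuilder;
// Build an SNS client for us-east-2; credentials come from the SDK's default lookup.
AmazonSNS snsClient = AmazonSNSClientBuilder.standard().withRegion("us-east-2").build();
snsClient.publish(topicAr, "Sample SNS Message");
```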

This code is inside a Java servlet, and its WAR is deployed using Docker on an EC2 instance. The issue is that Docker is unable to pick up the IAM role from the EC2 instance, hence failing to publish a message to SNS.

Background: When I run the above code via the EC2 instance terminal, I am able to publish the message. But when I put this code in a Java servlet-based application and deploy its WAR on Docker, it is not able to publish the message because it is not getting the IAM role.

The error message is in the screenshot.

enter image description here

elves 0055
  • 1
    Does this answer your question? [Passing aws credentials to Docker](https://stackoverflow.com/questions/53442954/passing-aws-credentials-to-docker) – omuthu Mar 23 '22 at 14:18
  • 3
    Can you replace the "enter image description here" link with the actual text of the error you're getting? What credentials are you getting in the two cases, and how do you expect the process to get them? – David Maze Mar 23 '22 at 14:21
  • 1
    There is 0 reason that you couldn't copy/paste that error message into the question itself, to make it searchable and indexable. – Mark B Mar 23 '22 at 14:23
  • @omuthu the answer you linked doesn't use an EC2 IAM role, it just uses a credentials file. – Mark B Mar 23 '22 at 14:29

1 Answer

1

The EC2 metadata service is not available inside a Docker container running on the EC2 instance. There are some projects out there that try to solve that issue, like this one.

Otherwise you would need to pass IAM credentials to the container in some other way, for example through environment variables.

Of course if you were using AWS ECS, you would be able to assign an IAM role to your container.

Mark B
  • I have passed the role through an environment variable in two ways, but neither of the two worked. 1. Through an environment file, "docker run -e AWS_ROLE="arn:aws:iam::23412351256......"", and the other is "docker run --env-file ./envFile.env"; the content of envFile is x-aws-role="arn:aws:iam::23412351256......" – elves 0055 Mar 24 '22 at 09:54
  • @elves0055 how did you determine that `AWS_ROLE` was the correct environment variable name? https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html – Mark B Mar 24 '22 at 13:12
  • Actually, I was not able to find the exact key for the IAM role, so I took "AWS_CREDENTIAL_PROFILES_FILE", the one for "credentials files", as a reference and named it accordingly. – elves 0055 Mar 24 '22 at 13:54
  • 1
    You couldn't find a reference because it's not something the AWS SDK for Java supports. You can't just guess at this stuff and expect it to work. I suggest looking at the documentation I linked above. – Mark B Mar 24 '22 at 14:01
  • Hi @mark, sorry to inform you, I have looked into the above documentation meticulously and did not find the key to assign an IAM role. – elves 0055 Mar 24 '22 at 16:40
  • Like I said, it's not something the AWS SDK supports. You need to configure it in a different way. – Mark B Mar 24 '22 at 17:22
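
A diagnostic for the situation discussed in this thread, added here as an example and not code from the question or the answer: run inside the container, it asks several AWS SDK for Java v1 credential sources in turn whether they can supply credentials, and reports the result without printing any secret. The class name `CredentialSourceCheck` is hypothetical, the list is a subset of the SDK's default lookup order, and it assumes the SDK core library is on the classpath.

```java
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper;
import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Supplier;

// Added diagnostic; the class name is hypothetical, the provider classes are the SDK's.
public class CredentialSourceCheck {

    // Ask one source for credentials. Only the last four characters of the
    // access key ID are shown; the secret key and session token are never printed.
    static String probe(Supplier<AWSCredentialsProvider> source) {
        try {
            AWSCredentials c = source.get().getCredentials();
            String id = c.getAWSAccessKeyId();
            String tail = id.length() > 4 ? id.substring(id.length() - 4) : "????";
            String kind = (c instanceof AWSSessionCredentials)
                    ? "temporary, has session token" : "static key, no session token";
            return "OK (" + kind + ", key ID ends ..." + tail + ")";
        } catch (RuntimeException e) {
            // The SDK reports a missing or unreachable source as an unchecked exception.
            return "no credentials: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        Map<String, Supplier<AWSCredentialsProvider>> sources = new LinkedHashMap<>();
        sources.put("environment variables", EnvironmentVariableCredentialsProvider::new);
        sources.put("Java system properties", SystemPropertiesCredentialsProvider::new);
        sources.put("shared credentials file", ProfileCredentialsProvider::new);
        sources.put("container or EC2 instance role", EC2ContainerCredentialsProviderWrapper::new);
        sources.forEach((name, s) -> System.out.println(name + ": " + probe(s)));

        // The variable names the environment provider reads. AWS_ROLE and
        // x-aws-role, as tried in the comments above, are not among them.
        for (String v : new String[] {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}) {
            System.out.println(v + " set: " + (System.getenv(v) != null));
        }
    }
}
```

Running it once on the EC2 host and once with the same `docker run` options as the servlet container shows which source answers in each place.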