Unable to locate credentials when running airflow in docker

Question

I run airflow in docker and has volumes setting as

- ~/.aws:/usr/local/airflow/.aws:rw

I can see my local ~/.aws/credentials has:

[some_profile]
aws_access_key_id = xxxxx
aws_secret_access_key = xxxxx

and I can see the same content in airflow worker /usr/local/airflow/.aws/credentials, and aws configure list can return expected results like:

      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                 datalake              env    ['xxx_PROFILE', 'AWS_PROFILE']
access_key     ****************xxxx shared-credentials-file
secret_key     ****************xxxx shared-credentials-file
    region                <not set>             None    None

and cmd like aws s3 ls works locally. However for

sts_client = boto3.client('sts')
assumed_role = sts_client.assume_role(RoleArn=role_arn, RoleSessionName='xxx')

it throws:

botocore.exceptions.NoCredentialsError: Unable to locate credentials

What am I missing here? Thanks.

Answer 1

The problem could be here. When you're declaring [some_profile] for the credentials file, it should be like this:

[default]
aws_access_key_id = xxxxx
aws_secret_access_key = xxxxx 

There must be a default profile in your credentials.

If that doesn't work, you can always set the credentials manually

First, set the profile

[some_profile]
aws_access_key_id = xxxxx
aws_secret_access_key = xxxxx 

Then, your Python code should look like this

os.environ['AWS_PROFILE'] = "some_profile"
os.environ['AWS_DEFAULT_REGION'] = "some_region"

s3 = boto3.client('s3', region_name='some_region')