0

I have ECS which runs on EC2

Normally, I put some containers on EC2 node and run the services (That's the basic practice of ECS....)

However,now I need to run the code on EC2 directry, So I put the code in userdata and which uses boto3 (for monitoring GPU)

However this error happens.

botocore.exceptions.NoCredentialsError: Unable to locate credentials

In container, I run the script including boto3, this error doesn't occur.

So I guess aws credentialis automatically set in container but not in EC2 node on ECS. Am I correct?

However can I do the equivalent setting in EC2 node?

whitebear
  • 11,200
  • 24
  • 114
  • 237
  • I would only expect to see that error if you aren't assigning an IAM Instance Profile to the EC2 instance. But if that is the case, then it also shouldn't be able to attach to the ECS cluster. – Mark B Jun 25 '23 at 14:19
  • Does this help? https://stackoverflow.com/a/71884476/1032785 – jordanm Jun 25 '23 at 15:28
  • The problem is solved. When I put data in userdata it works. However when I testing with ec2-user there comes error above. so I misunderstood there was no credentials. – whitebear Jun 27 '23 at 00:37

1 Answers1

-1

The containers you're running on your EC2 instances via ECS do not have access to credentials you may have stored on ephemeral storage on the instance(s). It would be better to assign your desired AWS credentials to an IAM Instance Profile and inherit those permissions natively through the EC2 metadata service. Setting up your hosts this way means you don't need to store any keys, or credentials on the host. Boto3 will automatically find the credentials from the metadata service without you needing to configure anything, giving you a more secure way to provide AWS permissions for your resources.

CDC4
  • 29
  • 3