Docker containers seem to 'inherit' the instance profile of the host ec2. How?

無奈伤痛 2021-02-13 23:38

We have a docker container running on an ec2 host. Within that docker container we run some aws cli commands. We haven't defined any AWS credentials within the container. This

1 answer
  •  悲哀的现实
    2021-02-14 00:36

    That's correct, the credentials are of the host machine. It gets them from the metadata endpoint, as you suspected.

    One solution/workaround to give narrower access is ec2metadataproxy. I haven't used it yet.

    The security group access is based on the host container too, unfortunately.
