Docker containers seem to 'inherit' the instance profile of the host ec2. How?

無奈伤痛 2021-02-13 23:38

We have a docker container running on an ec2 host. Within that docker container we run some aws cli commands. We haven't defined any AWS credentials within the container. This

1 answer
  • 2021-02-14 00:36

    That's correct, the credentials are of the host machine. It gets them from the metadata endpoint, as you suspected.

    One solution/workaround to give narrower access is ec2metadataproxy. I haven't used it yet.

    The security group access is based on the host container too, unfortunately.

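One way to find hosts whose instance role is reachable from containers through the metadata endpoint, as an added example that is not part of the original question or answer. It assumes `aws ec2 describe-instances` JSON as input (the sample data, instance IDs and ARNs are constructed) and goes beyond the answer by checking the IMDSv2 token and hop-limit settings; containers started with host networking share the host's access regardless of these settings.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-EXAMPLE-A",
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example-a"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-EXAMPLE-B",
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example-b"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-EXAMPLE-C",
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example-c"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-EXAMPLE-D",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}}
]}]}
""")

def container_exposure(instance):
    """Reasons a bridge-networked container could obtain the host role's credentials."""
    if "IamInstanceProfile" not in instance:
        return []                      # no role attached, nothing to inherit
    opts = instance.get("MetadataOptions", {})
    if opts.get("HttpEndpoint", "enabled") == "disabled":
        return []                      # metadata endpoint switched off entirely
    reasons = []
    # IMDSv1 is a plain GET: any process that can route to 169.254.169.254 gets an answer.
    if opts.get("HttpTokens", "optional") != "required":
        reasons.append("imdsv1-allowed")
    # IMDSv2 token responses carry this TTL; above 1 they survive the hop into a bridge network.
    if opts.get("HttpPutResponseHopLimit", 1) > 1:
        reasons.append("hop-limit>1")
    return reasons

def audit(describe_output):
    """Map instance ID -> exposure reasons, listing only exposed instances."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            reasons = container_exposure(inst)
            if reasons:
                findings[inst["InstanceId"]] = reasons
    return findings

if __name__ == "__main__":
    for instance_id, reasons in audit(SAMPLE).items():
        print(instance_id, ", ".join(reasons))
```
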