问题
What is the suggested way to pass IAM role to a Docker container on EC2?
I have a mlflow project running in a docker environment on EC2. The python code needs to read and write from S3. The following is the error (sometimes other types of error also indicating no s3 access from the container, for example s3 resourece not found error)
botocore.exceptions.ProfileNotFound: The config profile (xxx) could not be found
To solve the s3 access issue, I already created an IAM role that allows access to the bucket.
What are the best ways to give this role to the Docker container?
Is it possible to define the role name in Dockerfile?
Thanks
回答1:
If you are using ECS to run containers on your EC2 instances you can set the taskRoleArn in the Task Definition. If you are running docker on EC2 without ECS you could give the instance the role and use --net host and the container should use the ec2 instance's role.
回答2:
I'm using docker on EC2 and I just created an Instance Profile.
If you use Console:
Instances -> CHOOSE YOUR INSTANCE -> Actions -> Instance Settings -> Attach/Replace IAM Role
If you use CloudFormation:
EC2Instance:
Type: AWS::EC2::Instance
Properties:
IamInstanceProfile: !Ref EC2InstanceIAMInstanceProfile
...
来源:https://stackoverflow.com/questions/56449585/passing-iam-role-to-a-docker-on-ec2