I'm trying to use AWS CLI commands inside the container.

I have given a policy within the ECS cluster instance, but it seems the container comes up with an error, as it tries to call an AWS CLI command inside the container as an entrypoint when it boots and fails.

My IAM role with an instance profile allows KMS get and decrypt, which is what I need for the AWS CLI operations.

Is there a way to pass credentials like an instance profile inside an ECS task container?

1 Answer

To pass a role to your container(s) in a task you can use IAM Roles for Tasks:

With IAM roles for Amazon ECS tasks, you can specify an IAM role that can be used by the containers in a task. Applications must sign their AWS API requests with AWS credentials, and this feature provides a strategy for managing credentials for your applications to use, similar to the way that Amazon EC2 instance profiles provide credentials to EC2 instances.

2 Comments

Yes, I did that too. But I'm getting Received error when attempting to retrieve ECS metadata: Connect timeout on endpoint URL: "http://169.254.170.2/v2/credentials/d1d52870-26d0-4d73-b920-deeb44449428" error from CloudWatch logs for the task. Is there a reason why this might be happening?
It was basically my company network blocking it. To ensure it works I had to specify the NO_PROXY environment variable under /etc/ecs/ecs.config.
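
The two failure points in this thread (no task role reaching the container, and a proxy intercepting the credentials endpoint at 169.254.170.2) can be checked offline before the entrypoint makes its first AWS CLI call. The following is an added example, not code from the question, the answer or AWS. The function names are hypothetical, it assumes the container credentials path arrives in `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`, and it treats `NO_PROXY` as a list of exact entries.

```shell
#!/bin/sh
# Added example: offline checks only. Nothing here fetches or prints credentials.

ECS_CRED_HOST="169.254.170.2"  # host of the credentials URL in the error quoted above

# no_proxy_covers HOST LIST -> 0 if HOST (or a lone "*") is an entry of the
# comma-separated LIST. Exact match only; suffix and CIDR rules differ by client.
no_proxy_covers() {
    list=$(printf '%s' "$2" | tr -d '[:space:]')
    case ",$list," in
        *",$1,"* | *",*,"*) return 0 ;;
    esac
    return 1
}

# config_value FILE KEY -> print the last KEY=value assignment found in FILE
# (the KEY=value layout used by /etc/ecs/ecs.config).
config_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# ecs_config_proxy_ok FILE -> 0 if FILE sets no HTTP_PROXY, or its NO_PROXY
# excludes the credentials host; 1 if a proxy is set without that exclusion.
ecs_config_proxy_ok() {
    [ -z "$(config_value "$1" HTTP_PROXY)" ] && return 0
    no_proxy_covers "$ECS_CRED_HOST" "$(config_value "$1" NO_PROXY)"
}

# task_role_preflight -> run inside the container before the first aws call.
# 0 = ready, 1 = no task role injected, 2 = proxy would intercept the endpoint.
task_role_preflight() {
    if [ -z "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then
        echo "task role not injected: AWS_CONTAINER_CREDENTIALS_RELATIVE_URI unset" >&2
        return 1
    fi
    proxy=${HTTP_PROXY:-${http_proxy:-}}
    bypass=${NO_PROXY:-${no_proxy:-}}
    if [ -n "$proxy" ] && ! no_proxy_covers "$ECS_CRED_HOST" "$bypass"; then
        echo "proxy set but $ECS_CRED_HOST is not in NO_PROXY" >&2
        return 2
    fi
    return 0
}
```

Calling `task_role_preflight` at the top of the entrypoint and exiting on a non-zero status puts the cause in the task logs before the AWS CLI times out; `ecs_config_proxy_ok /etc/ecs/ecs.config` is the matching check on the container instance.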
