amazon-web-servicesdockeraws-credentials

botocore.exceptions.ProfileNotFound - Pass AWS credentials to docker image


This seems to be an issue many people have faced but the solutions I tried haven't solved it:

I have a python app that I dockerized and that I want to push to an EC2 container, however, once dockerized, the app has issues (locally) to access my AWS credentials:

santeau_session = boto3.Session(profile_name='Santeau')
db = santeau_session.resource('dynamodb',  region_name='us-west-2')
MainPage = db.Table('mp')

When trying to pass them that way:docker run -v $HOME/.aws/credentials:/home/app/.aws/credentials:ro ks/mz
I get:

Traceback (most recent call last):  File "./main.py", line 17, in <module>
    santeau_session = boto3.Session(profile_name='Santeau')
  File "/usr/local/lib/python3.8/site-packages/boto3/session.py", line 80, in __init__
    self._setup_loader()
  File "/usr/local/lib/python3.8/site-packages/boto3/session.py", line 120, in _setup_loader
    self._loader = self._session.get_component('data_loader')
  File "/usr/local/lib/python3.8/site-packages/botocore/session.py", line 698, in get_component
    return self._components.get_component(name)
  File "/usr/local/lib/python3.8/site-packages/botocore/session.py", line 937, in get_component
    self._components[name] = factory()
  File "/usr/local/lib/python3.8/site-packages/botocore/session.py", line 158, in <lambda>
    lambda:  create_loader(self.get_config_variable('data_path')))
  File "/usr/local/lib/python3.8/site-packages/botocore/session.py", line 251, in get_config_variable
    return self.get_component('config_store').get_config_variable(
  File "/usr/local/lib/python3.8/site-packages/botocore/configprovider.py", line 313, in get_config_variable
    return provider.provide()
  File "/usr/local/lib/python3.8/site-packages/botocore/configprovider.py", line 410, in provide
    value = provider.provide()
  File "/usr/local/lib/python3.8/site-packages/botocore/configprovider.py", line 471, in provide
    scoped_config = self._session.get_scoped_config()
  File "/usr/local/lib/python3.8/site-packages/botocore/session.py", line 351, in get_scoped_config
    raise ProfileNotFound(profile=profile_name)
botocore.exceptions.ProfileNotFound: The config profile (Santeau) could not be found

My credentials file looks (kind of) like this, and the app correctly connects when not run with docker:

aws_access_key_id = ------------------
aws_secret_access_key = ------------------
[Santeau]
aws_access_key_id = ------------------
aws_secret_access_key = ------------------

Why does it work undockerized but not dockerized, and how can I solve this ?


Solution

  • My guess is that your docker container isn't running as the user and with the home you're expecting. I noticed that you hard coded /home/app/.aws/credentials

    You should login to your container and discover what user it's running as and where your home is. You could run aws configure and then find where the credentials files were stored.

    Many run as root so your command would look something like this docker run -v ~/.aws/:/root/.aws:ro your_image

    Edit: Alternatively, you can pass the AWS_SHARED_CREDENTIALS_FILE environment variable of your file location directly. Here's more information: https://boto3.amazonaws.com/v1/documentation/api/1.9.42/guide/configuration.html