如何通过AWS_ACCESS_KEY_ID和AWS_SECRET_KEY将Docker运行在makefile内？

发布于 2025-02-09 12:37:29 字数 1152 浏览 1 评论 0 原文

我像往常一样定义了〜/.aws/内部的配置和凭据。

在我在Docker内部运行的Python脚本中，要获取 boto3 以检测我成功的凭据

docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY my_app_name

！

但是，在一个makefile中（请），我有以下内容：

run:
    docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY my_app_name

IE一样！但是，执行

make run

Python

Traceback (most recent call last):
  File "myfile.py", line 31, in <module>
    from my_module import (
  File "myfile.py", line 99, in <module>
    auth = AWSV4SignerAuth(credentials=credentials, region=region_name)
  File "/usr/local/lib/python3.9/site-packages/opensearchpy/helpers/signer.py", line 55, in __init__
    raise ValueError("Credentials cannot be empty")
ValueError: Credentials cannot be empty
make: *** [run] Error 1

时，为什么？

我该如何修复？

原文

I have defined my config and credentials inside ~/.aws/ as usual.

In my python script running inside Docker, to get boto3 to detect the credentials I run

docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY my_app_name

Success!

But, in a Makefile (kindly provided by https://gist.github.com/mpneuried/0594963ad38e68917ef189b4e6a269db), I have the following:

run:
    docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY my_app_name

i.e. the same! However, when executing

make run

python throws

Traceback (most recent call last):
  File "myfile.py", line 31, in <module>
    from my_module import (
  File "myfile.py", line 99, in <module>
    auth = AWSV4SignerAuth(credentials=credentials, region=region_name)
  File "/usr/local/lib/python3.9/site-packages/opensearchpy/helpers/signer.py", line 55, in __init__
    raise ValueError("Credentials cannot be empty")
ValueError: Credentials cannot be empty
make: *** [run] Error 1

Why?

How do I fix it?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

比忠 2025-02-16 12:37:29

我不喜欢它，我很想听听更好的方式，但是我最终做了以下操作。

在makefile中，

export AWS_ACCESS_KEY_ID=$(shell aws configure get aws_access_key_id --profile default)
export AWS_SECRET_ACCESS_KEY=$(shell aws configure get aws_secret_access_key --profile default)

run:
    #aws configure list # potentially useful
    #aws sts get-caller-identity # potentially useful
    docker run --platform linux/amd64 -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -i -t --rm --name= my_app_name $(APP_NAME)

注意：

我尝试使用 .oneshell 等。但是徒劳无功。
我尝试使用＆amp;＆amp; 等。但也徒劳地。
由于评论中给出的原因，我不想使用音量安装。我也不希望将变量导出到我所有其他外壳上，因此我仅在makefile中定义它们（并希望获得最好的：\）。
我是正确的，将钥匙自动在部署的AWS侧自动拾取。

I don't like it, and I would love to hear of a better way, but I ended up doing the following.

In the Makefile,

export AWS_ACCESS_KEY_ID=$(shell aws configure get aws_access_key_id --profile default)
export AWS_SECRET_ACCESS_KEY=$(shell aws configure get aws_secret_access_key --profile default)

run:
    #aws configure list # potentially useful
    #aws sts get-caller-identity # potentially useful
    docker run --platform linux/amd64 -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -i -t --rm --name= my_app_name $(APP_NAME)

Notes:

I tried to use .ONESHELL etc. but in vain.
I tried to use && etc. but also in vain.
I didn't want to use a volume mount for the reasons given in the comments. I also didn't want the variables exported to all my other shells so I defined them solely within the Makefile (and hoped for the best :\ ).
I was right that the keys are automatically picked up on the deployed AWS side.