How do I get AWS credentials in the AWS ECS docker container?

django amazon-web-services logging docker amazon-cloudwatchlogs
byunghyun park picture byunghyun park · Jun 1, 2017 · Viewed 7.6k times · Source

First, I use the server environment:

  • sever: django + nginx + uwsgi
  • cloud: docker + AWS ECS
  • logging: AWS CloudWatch log service + watchtower third party app

I am using the watchtower third party app for the AWS CloudWatch log service. So, I need to give AWS credential information to the docker container.

When testing locally, docker run -v $ HOME / .aws: /root/.aws --rm -it -p 8080: 80 image_name will connect the local credentials to the volume.

But I don't know how to apply it in AWS ECS.

http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html

I am following the above article, and I have written the .aws/ecs.confg file by following above article.

AWS_DEFAULT_REGION=ap-northeast-1
AWS_ACCESS_KEY_ID=bbbbbbbbb
AWS_SECRET_ACCESS_KEY=aaaaaaaaaaaa

I added command to the Dockerfile likes bello.

COPY        .aws/ecs.config             /etc/ecs/ecs.config

However, internal server error occurs when accessing ECS.

I have also tried to assign an "IAM role" to the container when "Task define" Even if you create "CloudWatchLogsFullAccess IAM role", nothing appears on the "Task define" creation screen role drop down.

If you have any other way, please help me.

Thank you.

Here is my logging setting. In local tests, logging works normally.

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'verbose': {
            'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
        },
        'simple': {
            'format': '%(levelname)s %(message)s'
        },
    },
    'handlers': {
        'watchtower': {
            'level': 'DEBUG',
            'class': 'watchtower.CloudWatchLogHandler',
            'formatter': 'verbose',
        },
        'console': {
            'level': 'INFO',
            'class': 'logging.StreamHandler',
        },
    },
    'loggers': {
        'django': {
            'handlers': ['watchtower', 'console'],
            'level': 'INFO',
            'propagate': True,
        },
        'django.user': {
            'handlers': ['watchtower'],
            'level': DJANGO_LOG_LEVEL,
            'propagate': False,
        },
        'django.partner': {
            'handlers': ['watchtower'],
            'level': DJANGO_LOG_LEVEL,
            'propagate': False,
        },
    }
}

Answer

Ashan picture Ashan · Jun 1, 2017

With IAM roles for Amazon ECS tasks, you can specify an IAM role that can be used by the containers in a task to access AWS resources.

Related questions

AWS: can't connect to RDS database from my machine

The EC2 instance/live web can connect just fine to the RDS database. But when I want to debug the code in my local machine, I can't connect to the database and got this error: OperationalError: (2003, "Can't connect to MySQL …

Read More
git aws.push: No module named boto

i'm trying to follow the tutorial: deploy django on aws Elastic Beanstalk when i'm doing the Step 6's substep 5: git aws.push I get a ImportError message: (tryhasinenv)Lee-Jamess-MacBook-Pro:tryhasin h0925473$ git aws.push Traceback (most recent call last): File ".…

Read More
Setting up Django on AWS Elastic Beanstalk: WSGIPath not found

I've been trying for several days now to set up Django under Amazon Web Services' Elastic Beanstalk. I think the problem I'm hitting is this one: ERROR - Your WSGIPath refers to a file that does not exist. I followed …

Read More