
Is there a way for AWS credentials passed as environment variables to the docker run command to be put to use for getting the caller identity details while the container is running?

This is the docker run command being executed in the application:

```
docker run --rm -e AWS_ACCESS_KEY={user_credentials["AccessKeyId"]} -e AWS_SECRET_ACCESS_KEY={user_credentials["SecretAccessKey"]} -e AWS_SESSION_TOKEN={user_credentials["SessionToken"]} image_name
```

Sandeep
  • [What is the best way to pass AWS credentials to a Docker container?](https://stackoverflow.com/questions/36354423/what-is-the-best-way-to-pass-aws-credentials-to-a-docker-container) lists many many options. If you're using the Docker SDK to launch the container, you should be able to more directly pass environment variables; using an IAM role, if you can, is the best option. – David Maze Feb 09 '23 at 21:18

1 Answer


The answer is actually simple, but definitely something I was not aware of. Initialized an STS client with the given credentials and then made a call to get the caller identity details. Retrieved the credentials using the OS module. The scope of my application is very limited, hence using the credentials to get the user account details. This is what worked for me.

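```
import os
import boto3
# STS client built from the credentials found in the container's environment
sts_client = boto3.client('sts', aws_access_key_id=os.environ['AccessKeyId'],
                              aws_secret_access_key=os.environ['SecretAccessKey'],
                              aws_session_token=os.environ['SessionToken'])
```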
Sandeep
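An added example (not part of the original answer or the asker's application), assuming the `user_credentials` dict from the question: the host side passes each variable to `docker run` by name only, so the secret values stay out of the process arguments, and it uses the standard `AWS_*` names (`AWS_ACCESS_KEY_ID`, not `AWS_ACCESS_KEY`) so that `boto3.client("sts")` inside the container needs no explicit keys. `build_docker_run`, `launch` and `caller_identity` are hypothetical helper names.

```python
import os
import subprocess

# Added example; helper names are illustrative, not from the original post.
# Keys of an STS "Credentials" dict -> variable names the AWS SDKs read by default.
ENV_NAMES = {
    "AccessKeyId": "AWS_ACCESS_KEY_ID",
    "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
    "SessionToken": "AWS_SESSION_TOKEN",
}


def build_docker_run(user_credentials, image, base_env=None):
    """Return (argv, env) for `docker run` with the credentials kept out of argv."""
    missing = [k for k in ENV_NAMES if not user_credentials.get(k)]
    if missing:
        raise ValueError(f"credentials missing: {', '.join(missing)}")
    env = dict(os.environ if base_env is None else base_env)
    argv = ["docker", "run", "--rm"]
    for key, name in ENV_NAMES.items():
        env[name] = user_credentials[key]
        argv += ["-e", name]  # name only: docker copies the value from its own environment
    argv.append(image)
    return argv, env


def launch(user_credentials, image):
    """Host side: start the container (requires a local Docker CLI)."""
    argv, env = build_docker_run(user_credentials, image)
    return subprocess.run(argv, env=env, check=True)


def caller_identity():
    """Container side: boto3 picks up the AWS_* variables on its own."""
    import boto3  # imported here so the host-side helpers work without boto3

    ident = boto3.client("sts").get_caller_identity()
    return {"account": ident["Account"], "arn": ident["Arn"], "user_id": ident["UserId"]}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"AccessKeyId": "ASIAEXAMPLEKEYID", "SecretAccessKey": "example-secret",
              "SessionToken": "example-token"}
    argv, _ = build_docker_run(sample, "image_name", base_env={})
    print(" ".join(argv))
```
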