Docker 中未访问 AWS Config 凭证

Question

我在本地系统上设置了秘密管理器，现在我的 Windows 根目录中有 .aws 目录。通过使用以下代码，我正在检索我的访问密钥 ID 和值。

client.getSecretValue({SecretId: secretName}, function(err, data) {
// console.log(err);
if (err) {
    console.log(err);
    if (err.code === 'DecryptionFailureException')
        // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
        throw err;
    else if (err.code === 'InternalServiceErrorException')
        // An error occurred on the server side.
        throw err;
    else if (err.code === 'InvalidParameterException')
        // You provided an invalid value for a parameter.
        throw err;
    else if (err.code === 'InvalidRequestException')
        // You provided a parameter value that is not valid for the current state of the resource.
        throw err;
    else if (err.code === 'ResourceNotFoundException')
        // We can't find the resource that you asked for.
        throw err;
}
else {
    
    // Decrypts secret using the associated KMS CMK.
    // Depending on whether the secret is a string or binary, one of these fields will be populated.
    if ('SecretString' in data) {
        secret = JSON.parse(data.SecretString);
        secretKey = secret["AWS_ACCESS_KEY_ID"];
        clientID = secret["AWS_ACCESS_KEY_ID"];
        secret.region = "us-east-1";
        global.secret = secret;
    } else {
        let buff = new Buffer(data.SecretBinary, 'base64');
        decodedBinarySecret = buff.toString('ascii');
    }

    // routes 
   
    require('./services')(router,validation);
}

});

它运行良好。但是当我用 docker 运行上面的代码时，它会因为以下错误而失败

配置中缺少凭据，如果使用 AWS_CONFIG_FILE，请设置 AWS_SDK_LOAD_CONFIG=1。

Answer 1

您可以通过 CLI 将这些值作为 environment variables 传递。

要使用以下语法运行此操作

docker run -it -p 3000:3000 -e AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE -e AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY service-docker-image-2:latest .