Accessing awscli (with updated aws profile/creds) inside Qovery container

Hi I’ve been having trouble accessing awscli inside Qovery container (dockerfile). Even though the environment variables for Access and Secret Key have been setup for IAM User (with S3 access), container still is not able to access s3 bucket. How we can we let awscli inside Qovery docker use the updated AWS IAM user creds passed via Secret Environment variables from Qovery App console?

My IAM user (Access, Secret Key) has the full S3 access but still I’m getting the following error.

Hi @shaider , can you show me your complete Dockerfile please?

Hi Romaric.
Yes, following is the sample snippet that we’ve been testing/debugging.

FROM amazon/aws-cli:latest as conf
RUN mkdir -p /config
WORKDIR /config
RUN aws s3 cp s3://<Bucket>/<Filename> .

we were able to test that on local Ec2 environment by associating either the IAM role or passing the AWS Access/Secret keys as the environment variables. But in a Qovery container, it failed due to access issues. Looks like Qovery container uses the IAM role created during Qovery cluster setup?

Please let me know if you need anything else.

Thank you

Hi @shaider ,

I do think your Dockerfile needs to have the AWS S3 secrets. Otherwise, it’s normal that you get a 403 status code from AWS. What do you think?

Hi Romaric
I’ve setup the AWS Access/Secret keys (Full S3 access) as environment variables (screenshot shared above) in this Qovery application. Shouldn’t that have given the container’s awscli access to S3? Or is there any other way to set Access/Secret keys for giving aws access to Qovery app?

Sorry If I’m missing something here.
Thank you

Hey @shaider , I think the issue is that you don’t declare the environment variables in your Dockerfile that you need. Can you take a look at this thread?

Hi Romaric
I’m sure we’ve declared environment variables in Dockerfile and also used those at build and runtime (i.e entrypoint scripts). Let us re-try after checking the thread that you’ve shared and we’ll be responding here.

Thank you for the detailed answer and being super helpful as always. Really appreciate that.

1 Like

Hi @rophilogene
Thank you for sharing that thread. Declaring the variables in a dockerfile made it work. I think I missed declaring that in respective stage of the dockerfile build.

Thank you. really appreciate that.

1 Like

Happy to see that it works now :blush: