Accessing awscli (with updated aws profile/creds) inside Qovery container

shaider · September 13, 2022, 10:16pm

Hi I’ve been having trouble accessing awscli inside Qovery container (dockerfile). Even though the environment variables for Access and Secret Key have been setup for IAM User (with S3 access), container still is not able to access s3 bucket. How we can we let awscli inside Qovery docker use the updated AWS IAM user creds passed via Secret Environment variables from Qovery App console?

shaider · September 13, 2022, 10:17pm

shaider · September 13, 2022, 10:22pm

My IAM user (Access, Secret Key) has the full S3 access but still I’m getting the following error.

rophilogene · September 14, 2022, 7:12am

Hi @shaider , can you show me your complete Dockerfile please?

shaider · September 14, 2022, 8:47am

Hi Romaric.
Yes, following is the sample snippet that we’ve been testing/debugging.

FROM amazon/aws-cli:latest as conf
RUN mkdir -p /config
WORKDIR /config
RUN aws s3 cp s3://<Bucket>/<Filename> .

we were able to test that on local Ec2 environment by associating either the IAM role or passing the AWS Access/Secret keys as the environment variables. But in a Qovery container, it failed due to access issues. Looks like Qovery container uses the IAM role created during Qovery cluster setup?

Please let me know if you need anything else.

Thank you

rophilogene · September 14, 2022, 4:29pm

Hi @shaider ,

I do think your Dockerfile needs to have the AWS S3 secrets. Otherwise, it’s normal that you get a 403 status code from AWS. What do you think?

shaider · September 14, 2022, 6:40pm

Hi Romaric
I’ve setup the AWS Access/Secret keys (Full S3 access) as environment variables (screenshot shared above) in this Qovery application. Shouldn’t that have given the container’s awscli access to S3? Or is there any other way to set Access/Secret keys for giving aws access to Qovery app?

Sorry If I’m missing something here.
Thank you

rophilogene · September 14, 2022, 7:10pm

Hey @shaider , I think the issue is that you don’t declare the environment variables in your Dockerfile that you need. Can you take a look at this thread?

shaider · September 14, 2022, 7:29pm

Hi Romaric
I’m sure we’ve declared environment variables in Dockerfile and also used those at build and runtime (i.e entrypoint scripts). Let us re-try after checking the thread that you’ve shared and we’ll be responding here.

Thank you for the detailed answer and being super helpful as always. Really appreciate that.

shaider · September 14, 2022, 11:06pm

Hi @rophilogene
Thank you for sharing that thread. Declaring the variables in a dockerfile made it work. I think I missed declaring that in respective stage of the dockerfile build.

Thank you. really appreciate that.

rophilogene · September 15, 2022, 6:32am

Happy to see that it works now

Topic		Replies	Views
Qovery CLI unable to use container command Deployment	7	130	December 13, 2023
Passing arguments to docker run Questions and Answers qovery	10	742	March 25, 2024
Deploy Containers (≠ Application) Product qovery , container	8	884	October 15, 2022
Access environment variable for React app Deployment qovery	5	661	May 27, 2023
Need to get container ID for applications Deployment qovery , aws	2	330	March 25, 2024

Accessing awscli (with updated aws profile/creds) inside Qovery container

Related Topics