 

Fetching AWS instance metadata from within Docker container?

Is there a straightforward way to access AWS instance metadata from within a Docker container?

For example, when trying to fetch credentials for an IAM role on an EC2 instance, this would work on the instance itself:

http://169.254.169.254/latest/meta-data/iam/security-credentials/my_role 

...but not from within a Docker container running on that EC2 instance.

user3420508 asked Mar 14 '14 15:03



1 Answer

There should be no difference between doing this in a container vs the host. The container can access EC2 metadata directly.

root@f1e5964e87e4:/# curl http://169.254.169.254/latest/meta-data/iam/security-credentials/myrole
{
  "Code" : "Success",
  "LastUpdated" : "2014-03-14T17:07:24Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "mykey",
  "SecretAccessKey" : "mysecret",
  "Token" : "mytoken",
  "Expiration" : "2014-03-14T23:09:39Z"
}

What do you see when you try the command from within the container? Does the instance have an IAM role assigned?

Ben Whaley answered Sep 25 '22 11:09
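A way to check what a container actually sees when it queries the `iam/security-credentials/` path discussed above, and so whether processes in it can obtain the instance role's credentials. This is an added example, not part of the original post; it goes beyond the post by also handling IMDSv2 session tokens. The names `diagnose`, `http_fetch` and `fake_imds` are hypothetical, and `fake_imds` is a constructed stand-in for the endpoint so the logic runs offline.

```python
# Added example: classify what a container gets back from EC2 instance metadata.
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254"
ROLES = "/latest/meta-data/iam/security-credentials/"
TOKEN = "/latest/api/token"

def http_fetch(method, path, headers):
    """Real transport: returns (status, body); status None means no answer."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""
    except OSError:  # timeout, no route, connection refused
        return None, ""

def diagnose(fetch=http_fetch):
    """Return (verdict, role_names). Lists role names only, never reads the keys."""
    status, body = fetch("GET", ROLES, {})
    if status == 401:  # instance enforces IMDSv2: a session token is needed first
        t_status, token = fetch("PUT", TOKEN, {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
        if t_status != 200:
            # Typical when the metadata hop limit is 1 and the container is behind a bridge.
            return "imdsv2-token-blocked", []
        status, body = fetch("GET", ROLES, {"X-aws-ec2-metadata-token": token})
    if status is None:
        return "unreachable", []
    if status == 404:
        return "no-iam-role", []  # no instance profile attached to the instance
    if status == 200:
        return "role-credentials-exposed", body.split()
    return f"unexpected-{status}", []

def fake_imds(v2_required=False, role="my_role", token_ok=True):
    """Constructed stand-in for the endpoint (sample data, not real responses)."""
    def fetch(method, path, headers):
        if path == TOKEN:
            return (200, "constructed-token") if token_ok else (None, "")
        if v2_required and headers.get("X-aws-ec2-metadata-token") != "constructed-token":
            return 401, ""
        return (200, role) if role else (404, "")
    return fetch

if __name__ == "__main__":
    print(diagnose())  # run inside the container to probe the real endpoint
```

A verdict of `role-credentials-exposed` means any process in that container can request the role's temporary keys; `no-iam-role` and `unreachable` correspond to the two causes the answer asks about.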