Reputation: 2368
Unable to resolve AWS account to use when running CDK in a docker container
I tried to run cdk inside a docker container. Everything works fine until I try to deploy using command:
cdk deploy myStack --profile testing --require-approval never
Error
❌ MyStack failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment
I have created both config and credentials file under docker container's /root/.aws/ folder, since it will match the ~/.aws
I use this setting in my laptop and it works fine. In my laptop, those two files are under /Users/<my user name>/.aws.
My docker file:
FROM openjdk:8-jdk-slim
ARG MAVEN_VERSION=3.6.3
ARG USER_HOME_DIR="/root"
ARG SHA=c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0
ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
RUN apt-get update && \
apt-get install -y \
curl procps \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
&& curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
&& echo "${SHA} /tmp/apache-maven.tar.gz" | sha512sum -c - \
&& tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
&& rm -f /tmp/apache-maven.tar.gz \
&& ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
ENV MAVEN_HOME /usr/share/maven
ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2"
RUN apt-get update
RUN apt-get -y install curl gnupg
RUN curl -sL https://deb.nodesource.com/setup_12.x | bash -
RUN apt-get -y install nodejs
RUN npm install
RUN node -v
RUN npm -v
RUN npm install -g aws-cdk
RUN mkdir /usr/local/TestingCDK;
COPY ./src /usr/local/TestingCDK/src/
COPY pom.xml /usr/local/TestingCDK/
COPY cdk.json /usr/local/TestingCDK/
RUN cd /usr/local/TestingCDK/ && mvn compile
RUN mkdir ~/.aws
RUN cd ~ && pwd
COPY config /root/.aws/
COPY credentials /root/.aws/
CMD cdk doctor ; cat ~/.aws/config ; cd /usr/local/TestingCDK/ ; cdk deploy myStack --profile myProfile --require-approval never
Upvotes: 0
Views: 3786
Answers (1)
Reputation: 136
You should pass the keys and other variables into the container and set AWS_ environment variables instead, to name a few
AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID AWS_DEFAULT_REGION
see here:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
saving and copying your access/secret keys into the container is a very bad practice.
Upvotes: 2
Related Questions
- How to resolve: 'Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment'
- Need to perform AWS calls for account xxx, but no credentials have been configured
- docker login --username AWS --password-stdin https://<accountNumber>.dkr.ecr.<region>.amazonaws.com exited with error code 1:
- When Deploying CDK to AWS via Docker, bash: cdk: command not found
- AWS CDK: Error saving credentials: error storing credentials - err: exit status 1
- cdk unable to Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? - error when deploying cdk
- CDK Deploy fails with Access Denied
- Connecting AWS ECS Services with the CDK
- ERROR: Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment
- How can I access an EC2 instance created by CDK?