Reputation: 2386
Boto3 ignores AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
I'm in an ECS Task and want to use certain AWS services. I have attached the appropriate role to the task and the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is visible. When I query it manually and setup the credentials as environment variables (id, key, token, region) I can work with the AWS API.
I assumed that boto3 is able to handle authentication transparently? But when I do the following
client = boto3.client('ecs')
I get an error that the region is required. And when I add the region via env the request fails because the token is invalid.
What am I missing?
Upvotes: 0
Views: 1071
Answers (1)
Reputation: 2386
Okay I got it to work. Instead of boto3.client('ecs') I have to create a session first and then use it to get the client:
import boto3
session = boto3.session.Session()
print(session.get_credentials().get_frozen_credentials())
ecs_client = session.client("ecs")
Like that the script will work running within an ECS task.
Upvotes: 4
Related Questions
- AWS Boto3 No Credential Error IAM role K8S
- boto3 AWS client ignoring arguments?
- access denied error when retrieving temporary credentials from aws with boto3
- Boto3 not assuming IAM role from credentials where aws-cli does without problem
- Boto is unable to access bucket inside ECS container which have correct IAM roles (but Boto3 can)
- boto3 can't connect to S3 from Docker container running in AWS batch
- Boto3 IAM User creation failing with InvalidClientTokenId - The security token included in the request is invalid
- docker boto3 AWS was not able to validate the provided access credentials
- Boto failing to authenticate with S3 IAM role
- Boto 403 AccessDenied Exception with IAM user credentials, Works in Cyberduck and AWS web console