Reputation: 12926
Fetching credentials in an AWS Batch job
So we are running an AWS Batch job on ECS/Fargate and want to access some AWS service.
Where do I get the credentials (SecretAccessKey etc) from, that is the credentials for the assigned Job Role?
Places already checked:
- $HOME/.aws: Does not exist
- Env Vars: Not there
- Env Var
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: Nope
Using AWS CLI does work (magically, as it walks the credential chain), but we do not want to ship AWS CLI nor some AWS SDK.
If we have to sts_client.assume_role(), how to do that without an AWS SDK (yes, we are using Rust)?
Update
When running CLI with aws configure --debug export-credentials in the Batch job, we see that the credential gets successfully resolved by the by calling the endpoint botocore.credentials.SSOProviderhttp://169.254.170.2/v2/credentials/UUID. Still a mistery which credential provider does resolve, and where the UUID is sourced from.
Upvotes: 0
Views: 252
Answers (0)
Related Questions
- How to pass AWS credentials from react
- how to add sharedIdentifier to aws event bridge rule for scheduled execution of aws batch job
- AWS Managed Apache airflow (MWAA) or AWS Batch for simple batch job flow
- AWS Batch permits only 32 concurrent jobs in array configuration
- Does every aws batch job spin up a new docker container