Running Container as non root user can't write to AWS config file #30
Comments
I've taken a look at the issue boto/boto3#2309 and found that there is currently no API for EKS get token. However, there is a py module for EKS get token located at https://pypi.org/project/eks-token/, as mentioned in this comment on the issue: boto/boto3#2309 (comment). By using this py module, we could avoid the need to create a wrapped subprocess for the aws-cli command in our codebase. I plan to test this module and create a pull request if it proves helpful in allowing us to run containers as non-root users.
This is an issue with the aws cache dir, not the aws config file
Add volume mount for the aws cache directory. This should fix an issue when running aws-cli command and getting permission error when running container as non root user. See current issue here fairfaxmedia/k8s-secret-updater#30
fairfaxmedia/charts#72 will fix this issue
When I try to execute any AWS CLI command as a non-root user while running the k8s-secret-updater, I encounter the error message `[Errno 13] Permission denied: '/.aws'`.
The application is currently using the following approach for EKS auth:
However, running the application as a non-root user always results in a permission denied error. I have attempted to resolve this issue by setting the environment variable `AWS_CONFIG_FILE=/tmp/aws_config` and `AWS_SHARED_CREDENTIALS_FILE=/tmp/aws_cred`, but this did not work.
According to the AWS documentation, the `AWS_CONFIG_FILE` environment variable specifies the location of the file that the AWS CLI uses to store configuration profiles, and the default path is `~/.aws/config`. However, it is not possible to specify this value in a named profile setting or by using a command line parameter.
I am a bit confused by the statement
It may be necessary to update the `Dockerfile` to better support non-root user executions. Unless we can think of a better way.
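The volume-mount fix mentioned in the comments, sketched as a Kubernetes Deployment. This is an added example, not the contents of fairfaxmedia/charts#72 or the project's own manifest. The mount path is taken from the error message in this issue; the image reference, UID/GID, size limit and resource names are assumptions.

```yaml
# Added example: non-root pod with a writable, pod-scoped directory where
# aws-cli tried to create its cache. Values marked "assumption" are constructed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-secret-updater
spec:
  replicas: 1
  selector:
    matchLabels:
      app: k8s-secret-updater
  template:
    metadata:
      labels:
        app: k8s-secret-updater
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001          # assumption: any non-zero UID
        runAsGroup: 10001         # assumption
        fsGroup: 10001            # volume below is group-owned by this GID
      containers:
        - name: k8s-secret-updater
          image: example.invalid/k8s-secret-updater:TAG   # placeholder image
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            # '/.aws' is the path from "[Errno 13] Permission denied: '/.aws'".
            # The non-root user cannot create it on the image filesystem, so a
            # writable volume is mounted there instead of running as root.
            - name: aws-cache
              mountPath: /.aws
      volumes:
        - name: aws-cache
          emptyDir:
            medium: Memory        # tmpfs: cached data is not written to node disk
            sizeLimit: 16Mi       # assumption: small cap on the cache
```

An `emptyDir` is removed with the pod, so anything aws-cli caches under `/.aws` does not outlive the pod or get shared with other workloads.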