Skip to content
wordpress meta

title: 'Using AWS CLI Docker image'
date: '2020-03-21T08:25:31-05:00'
status: publish
permalink: /using-aws-cli-docker-image
author: admin
excerpt: ''
type: post
id: 1471
category:
    - Docker
tag: []
post_format: []

Recording my test running AWS CLI in a docker image.

```bash

get a base ubuntu image

docker pull ubuntu

Using default tag: latest latest: Pulling from library/ubuntu ...

install the Aws CLI and commit to a image

docker run -it --name awscli ubuntu /bin/bash

root@25b777958aad:/# apt update root@25b777958aad:/# apt upgrade root@25b777958aad:/# apt install awscli root@25b777958aad:/# exit

docker commit 25b777958aad awscli

sha256:9e1f0fef4051c86c3e1b9beecd20b29a3f11f86b5a63f1d03fefc41111f8fb47

alias to run a docker image with cli commands

alias awscli=docker run -it --name aws-iqonda --rm -e AWS_DEFAULT_REGION='us-east-1' -e AWS_ACCESS_KEY_ID='<...>' -e AWS_SECRET_ACCESS_KEY='<...>' --entrypoint aws awscli

awscli s3 ls | grep ls-al

2016-02-17 15:43:57 j.ls-al.com

awscli ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,Tags[?Key==Name].Value|[0],State.Name,PrivateIpAddress,PublicIpAddress]' --output text

i-0e38cd17dfed16658 ec2server running 172.31.48.7 xxx.xxx.xxx.xxx

one way to hide key variables with pass/gpg https://blog.gruntwork.io/authenticating-to-aws-with-environment-variables-e793d6f6d02e

$ pass init email@addr.ess $ pass insert awscreds-iqonda/aws-access-key-id $ pass insert awscreds-iqonda/aws-secret-access-key

$ pass Password Store └── awscreds-iqonda ├── aws-access-key-id └── aws-secret-access-key

$ pass awscreds-iqonda/aws-access-key-id <...> $ pass awscreds-iqonda/aws-secret-access-key <...>

$ export AWS_ACCESS_KEY_ID=$(pass awscreds-iqonda/aws-access-key-id) $ export AWS_SECRET_ACCESS_KEY=$(pass awscreds-iqonda/aws-secret-access-key)

** TODO: how to batch this? this is fine for desktop use but I do not want a gpg keyring password prompt either text or graphic in a server scripting situation. Maybe look at hashicorp vault?

$ env | grep AWS AWS_SECRET_ACCESS_KEY=<...> AWS_ACCESS_KEY_ID=<...>

for convenience use an alias

$ alias awscli=sudo docker run -it --name aws-iqonda --rm -e AWS_DEFAULT_REGION='us-east-1' -e AWS_ACCESS_KEY_ID='$AWS_ACCESS_KEY_ID' -e AWS_SECRET_ACCESS_KEY='$AWS_SECRET_ACCESS_KEY' --entrypoint aws awscli

$ awscli s3 ls ````

Some useful References: