In this post, which is a followup to the one here we'll run the AWS CLI client in a Docker container rather then install it on our host machine.

The lab assumes that Docker is already installed and running on the machine we are using. In this particular lab I have got a bare system without any other containers or images installed.

Initial-Docker

It's a simple command to pull the latest image and try to run a command to list the buckets in our AWS account.

Pulling-AWS-Docker

This shows that we didn't have the image installed locally and it got pulled from Docker Hub (we haven't specified any particular version so it will pull the latest one).

--rm specifies that we will clean up and delete the container after use
--it is for a shell session into the container

S3 ls at the end of the command is to just list the S3 buckets within our account (or at least the ones that our access will let us see). As we haven't provided any credentials the client is not able to log in (which would frankly be really worrying if it could at this stage).

We can verify that we now have the image saved on our machine but there are still no containers running.

Docker-After-Download

Running with Environmental Variables

We can pass our Access-Key and Secret-Access-Key as environmental variables to provide our credentials

Running-with-ENV

This is done using

--e followed by the various variables that we will pass to the container
--rm to clean up afterwards
--it for a shell session into the container

This shows that we were able to bring up a container running the client, pass it our credentials and run a command to interact with our account (in this case to list our S3 buckets).

Mounting .aws into Container

We can also mount our credentials, which by default are in a hidden .aws folder within the home folder from our host machine into the container.

Mount-into-Container

--v for mounting from our host into the container
--rm to clean up afterwards
--it for a shell session into the container

This time we were able to use our credentials from the host machine.

Conclusions

The use of a Docker container makes it easy to interact with our AWS account using an up to date image which can be set to always use the latest version, pulling it onto the the Host if required.

We looked at two ways of passing the necessary credentials to our container by either mounting the necessary files from the host or passing them as environmental variables which means nothing is left afterwards.