Similar issue, but with a 404. IAM roles are set and should be working fine, credentials are added in the command line, but nevertheless I get this:
Error response from daemon: failed to create task for container: failed to initialize logging driver: failed to create Cloudwatch log stream: operation error CloudWatch Logs: CreateLogStream, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, http response error StatusCode: 404, request to EC2 IMDS failed
Hi, I believe that you should read the following blog post to solve your issue in trying to supply AWS credentials to the Docker runtime: https://aws.amazon.com/blogs/containers/deploy-applications-on-amazon-ecs-using-docker-compose/
The following section is the key one for your use case: read it and what follows to create a proper context with AWS credentials.
A note on the AWS credentials: if you are already familiar with AWS you probably already
have your AWS CLI environment ready with either a default or named profiles. That’s fine,
the Docker CLI can use those credentials. If not, the Docker workflow will allow you to either
read the environment variables with your AWS credentials (AWS_ACCESS_KEY_ID and
AWS_SECRET_ACCESS_KEY) or it will ask for those credentials and will store the credentials
for you (in $HOME/.aws/credentials).
Best, Didier
I solved it by creating a new IAM user with access only to create log streams and configuring this user as my default on the host. Then running
sudo aws ecr get-login-password --region eu-west-1 | sudo docker login --username AWS --password-stdin [account id].dkr.ecr.eu-west-1.amazonaws.com
will pipe the valid credentials to the docker daemon.
I guess this requires ECR access, but I'm hosting my images on Docker Hub. Nevertheless, it should work without any docker repository :/
I have the same issue, even while populating AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN in the environment, after running an sts assume-role. When running a log operation in my terminal session all goes well, but on starting a container the credentials are not picked up even when passing all the environment to docker with --env-file. I suspect the docker daemon doesn't care about the environment variables once it's started, something like that.
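
The error above comes from the daemon's logging driver failing to sign the CreateLogStream request, so the credentials have to reach dockerd rather than the container. The script below is an added example (not from any poster in this thread) for a systemd-managed host; the function name write_dockerd_aws_env and the paths /etc/docker/awslogs.env and aws-credentials.conf are assumptions.

```shell
#!/bin/sh
# Added example: give AWS credentials to dockerd itself for the awslogs driver.
# The function name and both file paths are assumptions, not Docker defaults.
set -eu

write_dockerd_aws_env() {
    root="${1:-/}"                        # pass a scratch directory for a dry run
    rel_env=/etc/docker/awslogs.env
    env_file="${root%/}$rel_env"
    dropin_dir="${root%/}/etc/systemd/system/docker.service.d"

    # Fail early if the caller has not exported the log-writer credentials.
    : "${AWS_ACCESS_KEY_ID:?export AWS_ACCESS_KEY_ID first}"
    : "${AWS_SECRET_ACCESS_KEY:?export AWS_SECRET_ACCESS_KEY first}"

    mkdir -p "$(dirname "$env_file")" "$dropin_dir"

    # Keep the secrets in a root-only file: values placed in Environment=
    # lines can be read by unprivileged users through `systemctl show`.
    (
        umask 077
        {
            printf 'AWS_ACCESS_KEY_ID=%s\n' "$AWS_ACCESS_KEY_ID"
            printf 'AWS_SECRET_ACCESS_KEY=%s\n' "$AWS_SECRET_ACCESS_KEY"
            # Present only for temporary credentials (e.g. from sts assume-role).
            [ -z "${AWS_SESSION_TOKEN:-}" ] ||
                printf 'AWS_SESSION_TOKEN=%s\n' "$AWS_SESSION_TOKEN"
        } > "$env_file"
    )
    chmod 600 "$env_file"

    # The drop-in only points at the file; it contains no secret itself.
    printf '[Service]\nEnvironmentFile=%s\n' "$rel_env" \
        > "$dropin_dir/aws-credentials.conf"
    printf '%s\n' "$dropin_dir/aws-credentials.conf"
}

# On the host, as root:
#   write_dockerd_aws_env /
#   systemctl daemon-reload && systemctl restart docker
```

Temporary credentials expire, so after an sts assume-role the file has to be rewritten and the daemon restarted once the session ends. Variables passed with --env-file only reach the container's environment, not the daemon's.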