I am not 100% sure this is possible as you're running on Fargate and not EC2. The Fargate instances are managed by AWS and you may not be able to obtain this information.
If you're using an up-to-date version of the AWS SDK, I believe your code should work. ECS should be setting the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable to prompt the AWS SDK to obtain the temporary credentials for the task role from the appropriate metadata endpoint.
Did you configure the IAM role with the necessary permissions as the task execution role or as the task role? It should be set as the task role for your custom code accessing S3 to obtain the permissions you configured.
I am certain the IAM role and task exec role with the necessary permissions are in place. However, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI returns empty or None in my case.
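A diagnostic for the empty-variable case discussed above, as an added example that is not code from this thread: it compares the current process's environment with PID 1's, because ECS documents AWS_CONTAINER_CREDENTIALS_RELATIVE_URI as available only to PID 1 and the processes that inherit its environment. The function names are hypothetical, `169.254.170.2` is the ECS task credential endpoint, and the last path segment is masked so the credential ID does not end up in logs.

```python
import os

# Link-local address of the ECS task credential endpoint
ECS_CREDS_HOST = "http://169.254.170.2"
REL = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
FULL = "AWS_CONTAINER_CREDENTIALS_FULL_URI"


def parse_environ(blob: bytes) -> dict:
    """Parse a /proc/<pid>/environ blob (NUL-separated KEY=VALUE entries)."""
    env = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key:
            env[key.decode()] = value.decode(errors="replace")
    return env


def endpoint(env: dict):
    """Credential URL the SDK would call, last path segment masked for logs."""
    uri = ECS_CREDS_HOST + env[REL] if env.get(REL) else env.get(FULL)
    return uri.rsplit("/", 1)[0] + "/<redacted>" if uri else None


def diagnose(current: dict, pid1: dict) -> dict:
    """Compare this process's environment with PID 1's."""
    here, init = endpoint(current), endpoint(pid1)
    if here:
        verdict = "ok: credential variable is set in this process"
    elif init:
        verdict = "not inherited: set for PID 1 but missing in this process"
    else:
        verdict = "not injected: confirm the task definition sets a task role"
    return {"endpoint": here or init, "verdict": verdict}


if __name__ == "__main__":
    try:
        with open("/proc/1/environ", "rb") as fh:
            pid1_env = parse_environ(fh.read())
    except OSError:  # not Linux, or not permitted to read PID 1
        pid1_env = {}
    print(diagnose(dict(os.environ), pid1_env))
```

A "not inherited" verdict points at a wrapper script, supervisor or remote shell that starts the application with a fresh environment rather than at the IAM configuration.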
Thanks for your input! Just to clarify, I’m authenticating and pushing artifacts to S3 using the IAM role attached to my ECS Fargate task. For authentication, I’m not using EC2 instance metadata; instead, I’m leveraging the credentials that Fargate provides to the container.
Here’s a snippet of the code for your reference:
For context, here’s the code snippet we are using with the IAmazonS3 client to interact with the S3 bucket:

```csharp
var s3Client = new AmazonS3Client();

// This is used to get the caller identity (for troubleshooting or verification purposes)
var stsClient = new AmazonSecurityTokenServiceClient();
var identityResponse = stsClient.GetCallerIdentity(new GetCallerIdentityRequest());
LogManager.GetLogger(Categories.General).Info($"Caller Identity: {identityResponse.Arn}");
```