Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

GetCallerIdentityAsync throws an exception when calling it from a docker container

See original GitHub issue

Hi,

In AWS CodeBuild, you have the ability to build your code in a Docker container. To propagate the credentials to your container, you need to pass few extra parameters:

docker build --build-arg AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION --build-arg AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI .

To validate this config, I ran aws sts get-caller-identity and got this response:

Step 9/31 : RUN aws sts get-caller-identity 
 ---> Running in 080c749553b9 
{ 
    "Account": "123456789",  
    "UserId": "AROXXXXXXX:AWSCodeBuild-(...)",  
    "Arn": "arn:aws:sts::123456789:assumed-role/codebuild-core-srv-pricing-service-role/AWSCodeBuild-(...)" 
}

When running sleet in this environment, I get the following exception:

[System.ArgumentException] Failed to determine AWS identity - ensure you have an IAM role set, have set up default credentials or have specified a profile/key pair.

Unfortunately we do no have much details regarding the exception raised by the AWS client. Would be great to add a exception.ToString() so we can troubleshoot.

I’m not sure why we are getting this error but wan we try adding a parameter called --inherit-permissions bypassing this check?

Issue Analytics

State:
Created 4 years ago
Comments:13 (5 by maintainers)

Top GitHub Comments

1reaction

serochecommented, Oct 4, 2019

Can confirm it’s working well when executing sleet in a docker container.

Don’t forget to include the following lines in your dockerfile:

# Build and deploy Domain NuGet packages
FROM mcr.microsoft.com/dotnet/core/sdk:3.0-alpine3.9 AS base
ARG AWS_DEFAULT_REGION
ARG AWS_CONTAINER_CREDENTIALS_RELATIVE_URI

ENV AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
ENV AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION

Then call docker build: docker build --build-arg AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION --build-arg AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI .

1reaction

serochecommented, Oct 2, 2019

Let me have a look on this.