anaynayak/aws-security-viz

Error when running docker option

jingkainos opened this issue · 9 comments

I followed these steps for the docker option:

  1. Clone this repository, open it in a console.
  2. Build the docker container: docker build -t sec-viz .
  3. Run the container: docker run -i --rm -t -p 3000:3000 -v $(pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz

I got the following error after step 3, any idea what's wrong?
[ERROR] unable to sign request without credentials set

Thanks

Hi @jingkainos. This looks similar to #109 (comment). Can you confirm if running it with those params works?

Thanks for your help @anaynayak , I am getting a different error now "[ERROR] You are not authorized to perform this operation." I will take a closer look at the permission granted as we are using switch roles.

@jingkainos any update on your side? Got the same error as you "[ERROR] You are not authorized to perform this operation."
If you managed to solve it could you help please?

@saasseckin are you running this via aws-vault by any chance? aws-vault uses a session token which introduces a few more env variables. With the following command I'm instead passing all AWS_ env variables to the command. Can you try and see if that works?

The command assumes you have ENV variables for the access key, secret and session token (if any):
aws-vault exec <profile> -- docker run -i -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_SECURITY_TOKEN --rm -t -p 3000:3000 -v (pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz

Alternatively if you'd instead like to directly pass them as variables without session token auth:

docker run -i --rm -t -p 3000:3000 -v (pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz /usr/local/bundle/bin/aws_security_viz -a REPLACE_AWS_ACCESS_KEY_ID -s REPLACESECRET

Hello @anaynayak thank you for the info. I applied only the comments on https://github.com/anaynayak/aws-security-viz#cleanup--add-docker-from-off-the-shelf-image and no aws-vault.

docker run -i --rm -t -p 3000:3000 -v $(pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz from the instructions gives that error.

docker run -i --rm -t -p 3000:3000 -v (pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz /usr/local/bundle/bin/aws_security_viz -a REPLACE_AWS_ACCESS_KEY_ID -s REPLACESECRET does not give any result, does not create any container (I also tried with the $(pwd) version of your command).

By default it doesn't print anything to the console. It would create an aws-viz subdirectory in your current directory which will have the aws-security-viz.png file. Hoping that was created in your case.

I missed out wrapping (pwd) with a $. I'm using fish shell which doesn't require it so I'm assuming you accounted for that as well.

If that command works, I'll update the readme to highlight where the artifact will be. I think that's missing right now.

Found the .png file, thank you for the tip. Not able to get the renderer to work though.

Glad that worked. The process there is a little easier since aws-security-viz now supports the --serve parameter.

Something like the following will work (notice the --serve 3000 parameter):
aws-vault exec profile -- docker run -i -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_SECURITY_TOKEN --rm -t -p 3000:3000 -v (pwd)/aws-viz:/aws-security-viz --name sec-viz sec-viz /usr/local/bundle/bin/aws_security_viz --renderer navigator --serve 3000

Similarly for the non aws-vault based command.

I have updated the README instructions for usage with Docker.
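
An added example, not part of this thread or of aws-security-viz: a POSIX sh preflight for the `-e NAME` forwarding used in the commands above. The function names are hypothetical; it fails early when the access key or secret is not exported, or when a temporary (ASIA-prefixed) key has no session token, and it prints variable names only, never values.

```shell
#!/bin/sh
# Added example, not part of aws-security-viz. Function names are hypothetical.

# Variables the thread's docker command forwards by name with `-e NAME`.
AWS_FORWARD_VARS="AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SECURITY_TOKEN"

# in_env NAME: true when NAME is exported with a non-empty value, which is
# what `docker run -e NAME` needs in order to copy it into the container.
in_env() {
    env | grep "^$1=." >/dev/null
}

# aws_env_flags: print "-e NAME" for each forwarded variable that is exported.
# Only names are printed; values never reach argv, history or the terminal.
aws_env_flags() {
    for required in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        if ! in_env "$required"; then
            echo "preflight: $required is not exported; expect" \
                 "'unable to sign request without credentials set'" >&2
            return 1
        fi
    done
    # Temporary STS keys (ASIA prefix) are only valid together with a token.
    case "$AWS_ACCESS_KEY_ID" in
        ASIA*)
            if ! in_env AWS_SESSION_TOKEN && ! in_env AWS_SECURITY_TOKEN; then
                echo "preflight: temporary access key without a session token" >&2
                return 1
            fi ;;
    esac
    flags=""
    for name in $AWS_FORWARD_VARS; do
        if in_env "$name"; then
            flags="$flags -e $name"
        fi
    done
    echo "${flags# }"
}

# Usage (sh/bash; image name and paths as in the thread):
#   flags=$(aws_env_flags) && docker run -i --rm -t $flags -p 3000:3000 \
#       -v "$(pwd)/aws-viz:/aws-security-viz" --name sec-viz sec-viz
```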