local ~/.aws folder not loaded by docker container

Question

local ~/.aws folder not loaded by docker container

alexey2baranov opened this issue a year ago · 3 comments

When I run daemon locally for dev and test purposts If I mount my local ~/.aws foleder into docker container, than credentials are not loaded by the daemon. As a result I get an error
[Error] Sending segment batch failed with: NoCredentialProviders: no valid providers in chain. Deprecated.

docker-compose.yml
version: "3.9"

services:
xray-daemon:
image: amazon/aws-xray-daemon
ports:
- 2000:2000/udp
environment:
- AWS_REGION=${AWS_REGION}
volumes:
# why credentials form ~/.aws profile doesn't work ?
- ~/.aws:/root/.aws
command: "--local-mode --log-level dev"

logs:
xray-daemon_1 | 2023-07-31T18:05:01Z [Debug] processor: sending complete batch
xray-daemon_1 | 2023-07-31T18:05:01Z [Debug] processor: segment batch size: 50. capacity: 50
xray-daemon_1 | 2023-07-31T18:05:02Z [Debug] processor: sending partial batch
xray-daemon_1 | 2023-07-31T18:05:02Z [Debug] processor: segment batch size: 15. capacity: 50
xray-daemon_1 | 2023-07-31T18:05:08Z [Error] Sending segment batch failed with: NoCredentialProviders: no valid providers in chain. Deprecated.
xray-daemon_1 | For verbose messaging see aws.Config.CredentialsChainVerboseErrors
xray-daemon_1 | 2023-07-31T18:05:11Z [Error] Sending segment batch failed with: NoCredentialProviders: no valid providers in chain. Deprecated.
xray-daemon_1 | For verbose messaging see aws.Config.CredentialsChainVerboseErrors

Answer 1 · 2023-08-06T18:56:25.000Z

X-Ray daemon uses AWS SDK for go v1, so user can follow AWS SDK for go dev guide to setup credential.
Or refer to a sample of ADOT Collector in docker since ADOT Collector use AWS SDK for go as well.

Answer 2 · 2023-08-07T07:44:08.000Z

@wangzlei thank you for the replay.
As it mentioned in the documentation by the link you provided

The common items in the credential chain are the following:

Environment Credentials - Set of environment variables that are useful when sub processes are created for specific roles.

Shared Credentials file (~/.aws/credentials) - This file stores your credentials based on a profile name and is useful for local development.

EC2 Instance Role Credentials - Use EC2 Instance Role to assign credentials to application running on an EC2 instance. This removes the need to manage credential files in production.

Despite what is written, if I mount my local ~/.aws/credentials to the docker's root/.aws/credentials it doesn't work for me (see docker-compose.yaml in the first message).

So this is basicaly my question why it doesn't work in this way?

Answer 3 · 2023-08-07T18:39:01.000Z

Can you ensure the credentials file is formatted properly?
https://serverfault.com/a/1055889

Also, can you ensure that the daemon has permissions to access the root/.aws/credentials file? As in, make sure that there is no issue with file/directory permissions that may block the daemon from accessing the credentials. Alternatively, you can run the daemon service with higher (sudo?) permissions.

Alternatively, for local testing, you can try to add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as Environment variables in the Docker container.