From AWS documentations, a program running in AWS EC2 instance created with the correct IAM role could use AWS SDK to get temporary aws_access_key_id and aws_secret_access_key for accessing desired aws resources. Does that apply for programs running inside a docker container in that instance? In my case, the container is started via AWS ECS and the program inside the container needs to access s3.
If that is not general practice, what is the proper way of accessing a file stored in s3 from inside a container?
Yes, Program running inside ECS can access s3 similarly to a program running inside Ec2 server. You need to set up proper IAM roles while launching ECS.
See this link Amazon ECS IAM Role guide for developers