Search code examples
pythonamazon-web-servicesdockeramazon-ec2amazon-sqs

EndpointConnectionError when connecting to sqs via docker running from an EC2 instance

I have a python application that I want to connect to sqs and receive messages from. I'm trying to run this application on an EC2 via docker, but when I do I get botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "https://queue.amazonaws.com/.

I have tested it in four different scenarios. Running in my local machine from python directly, running in my local machine from docker, running in EC2 from python directly and in EC2 from docker. The first 3 scenarios I get no errors, so I think it's not related to AWS permission. Here is an example I'm trying to run and getting the error:

#!/bin/python3

import boto3

session = boto3.Session()
credentials = session.get_credentials()
credentials = credentials.get_frozen_credentials()
access_key = credentials.access_key
secret_key = credentials.secret_key
sqs_client = boto3.client('sqs')
print('access_key: %s', access_key)
print('secret_key: %s', secret_key)
while True:
    try:
        response = sqs_client.receive_message(
            QueueUrl='https://queue.amazonaws.com/blablabla/my-queue',
            WaitTimeSeconds=10,
            MaxNumberOfMessages=10
        )
        print(response)
    except Exception as error:
        print(error)

Here is my Dockerfile:

FROM python:3.6-alpine3.6
COPY ./requirements.txt /my_app/requirements.txt
COPY ./build/tmp/id_rsa /root/.ssh/id_rsa
RUN chmod 400 /root/.ssh/id_rsa && \
    ssh-keyscan -H bitbucket.org > /root/.ssh/known_hosts  && \
    pip3 install --no-cache-dir -r /my_app/requirements.txt  && \
    rm -rf /root/.ssh/
COPY ./src /my_app/src

WORKDIR /root/
EXPOSE 6092
VOLUME ["/root/"]
ENTRYPOINT ["python3", "/my_app/src/main.py"]

The access_key and secret_key are correct when running via docker from EC2, so it's probably not related to credentials. What am I missing?

Solution

  • It turned out that my application couldn't resolve any domain name. After digging a lot, I've discovered that the ec2 subnet was conflicting with the docker swarm subnet, both were using the 10.0.0.2 address. The workaround was to add

    nameserver 8.8.8.8
nameserver 8.8.4.4

    to the /etc/resolv.conf. Not the ideal solution, but it worked.