I have an ECS task that runs an image built from Amazon Linux.
    container_pull(
        name = "amazonlinux",
        registry = "registry.hub.docker.com",
        repository = "library/amazonlinux",
        tag = "2022.0.20220315.0",
        digest = "sha256:c74e77c670519cd69e3f5ce3fa714c02c582a40d786dd7e97113e717e7655e4d",
    )
However, when I run the image on ECS and try to perform an operation on S3, I get this error:
Unable to get IAM security credentials from EC2 Instance Metadata Service.
This surprises me because I thought the image would contain the necessary services to communicate with ECS and obtain IAM credentials.
The role has permissions s3:PutObject and s3:GetObject.
How do I gain access to S3 inside my image?
Note I do not want to pass AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables if I can help it.
The issue was that I had not assigned a Task Role (I had only assigned an Execution Role).
The Task Role has permission to access S3.
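
The check below is an added example, not part of the original answer: it audits the JSON shape returned by `aws ecs describe-task-definition` for the misconfiguration described above (an execution role but no task role), and also flags static keys passed as container environment variables. The function name `audit_roles`, the account ID and the role names are hypothetical, and the sample documents are constructed.

```python
import json

# Constructed sample in the shape of `aws ecs describe-task-definition` output,
# trimmed to the relevant fields. Account ID and role names are placeholders.
BROKEN = json.loads("""
{"taskDefinition": {
  "family": "example-task",
  "executionRoleArn": "arn:aws:iam::111122223333:role/example-execution-role",
  "containerDefinitions": [{"name": "app", "environment": []}]
}}
""")
FIXED = json.loads(json.dumps(BROKEN))  # deep copy of the constructed sample
FIXED["taskDefinition"]["taskRoleArn"] = (
    "arn:aws:iam::111122223333:role/example-task-role")

STATIC_KEYS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}


def audit_roles(described):
    """Return a list of findings about how the task obtains AWS credentials."""
    td = described["taskDefinition"]
    task_role = td.get("taskRoleArn")
    findings = []
    if not task_role:
        # Without a task role ECS does not inject
        # AWS_CONTAINER_CREDENTIALS_RELATIVE_URI into the container, so the
        # SDK falls through to the EC2 Instance Metadata Service and fails
        # with the error quoted in the question.
        findings.append("missing taskRoleArn")
    elif task_role == td.get("executionRoleArn"):
        # Works, but the application inherits the ECS agent's permissions.
        findings.append("taskRoleArn equals executionRoleArn")
    for container in td.get("containerDefinitions", []):
        for var in container.get("environment", []):
            if var.get("name") in STATIC_KEYS:
                findings.append(
                    f"static key {var['name']} in container {container['name']}")
    return findings


if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_roles(doc) or "ok")
```

The execution role is used by the ECS agent (image pulls, log delivery), while the task role is what application code inside the container assumes, which is why S3 permissions belong on the task role.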