{"id":1471,"date":"2020-03-21T08:25:31","date_gmt":"2020-03-21T13:25:31","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=1471"},"modified":"2020-04-12T11:49:12","modified_gmt":"2020-04-12T16:49:12","slug":"using-aws-cli-docker-image","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/using-aws-cli-docker-image\/","title":{"rendered":"Using AWS CLI Docker image"},"content":{"rendered":"<h3>Recording my test running AWS CLI in a docker image.<\/h3>\n<pre><code class=\"language-bash\">## get a base ubuntu image\n\n# docker pull ubuntu\nUsing default tag: latest\nlatest: Pulling from library\/ubuntu\n...\n\n## install the Aws CLI and commit to a image\n\n# docker run -it --name awscli ubuntu \/bin\/bash\nroot@25b777958aad:\/# apt update\nroot@25b777958aad:\/# apt upgrade\nroot@25b777958aad:\/# apt install awscli\nroot@25b777958aad:\/# exit\n\n# docker commit 25b777958aad awscli\nsha256:9e1f0fef4051c86c3e1b9beecd20b29a3f11f86b5a63f1d03fefc41111f8fb47\n\n## alias to run a docker image with cli commands\n\n# alias awscli=docker run -it --name aws-iqonda --rm -e AWS_DEFAULT_REGION=&#039;us-east-1&#039; -e AWS_ACCESS_KEY_ID=&#039;&lt;...&gt;&#039; -e AWS_SECRET_ACCESS_KEY=&#039;&lt;...&gt;&#039; --entrypoint aws awscli\n\n# awscli s3 ls | grep ls-al\n2016-02-17 15:43:57 j.ls-al.com\n\n# awscli ec2 describe-instances --query &#039;Reservations[*].Instances[*].[InstanceId,Tags[?Key==`Name`].Value|[0],State.Name,PrivateIpAddress,PublicIpAddress]&#039; --output text\ni-0e38cd17dfed16658 ec2server   running 172.31.48.7 xxx.xxx.xxx.xxx\n\n## one way to hide key variables with pass\/gpg https:\/\/blog.gruntwork.io\/authenticating-to-aws-with-environment-variables-e793d6f6d02e\n\n$ pass init &lt;email@addr.ess&gt;\n$ pass insert awscreds-iqonda\/aws-access-key-id\n$ pass insert awscreds-iqonda\/aws-secret-access-key\n\n$ pass\nPassword Store\n\u2514\u2500\u2500 awscreds-iqonda\n    \u251c\u2500\u2500 aws-access-key-id\n    \u2514\u2500\u2500 aws-secret-access-key\n\n$ pass awscreds-iqonda\/aws-access-key-id\n&lt;...&gt;\n$ pass awscreds-iqonda\/aws-secret-access-key\n&lt;...&gt;\n\n$ export AWS_ACCESS_KEY_ID=$(pass awscreds-iqonda\/aws-access-key-id)\n$ export AWS_SECRET_ACCESS_KEY=$(pass awscreds-iqonda\/aws-secret-access-key)\n\n** TODO: how to batch this? this is fine for desktop use but I do not want a gpg keyring password prompt either text or graphic in a server scripting situation. Maybe look at hashicorp vault?\n\n$ env | grep AWS\nAWS_SECRET_ACCESS_KEY=&lt;...&gt;\nAWS_ACCESS_KEY_ID=&lt;...&gt;\n\n## for convenience use an alias\n$ alias awscli=sudo docker run -it --name aws-iqonda --rm -e AWS_DEFAULT_REGION=&#039;us-east-1&#039; -e AWS_ACCESS_KEY_ID=&#039;$AWS_ACCESS_KEY_ID&#039; -e AWS_SECRET_ACCESS_KEY=&#039;$AWS_SECRET_ACCESS_KEY&#039; --entrypoint aws awscli\n\n$ awscli s3 ls <\/code><\/pre>\n<h3>Some useful References:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.tecmint.com\/install-run-and-delete-applications-inside-docker-containers\/\">https:\/\/www.tecmint.com\/install-run-and-delete-applications-inside-docker-containers\/<\/a><\/li>\n<li><a href=\"https:\/\/blog.gruntwork.io\/authenticating-to-aws-with-environment-variables-e793d6f6d02e\">https:\/\/blog.gruntwork.io\/authenticating-to-aws-with-environment-variables-e793d6f6d02e<\/a><\/li>\n<li><a href=\"https:\/\/aws.amazon.com\/blogs\/aws\/aws-secrets-manager-store-distribute-and-rotate-credentials-securely\/\">https:\/\/aws.amazon.com\/blogs\/aws\/aws-secrets-manager-store-distribute-and-rotate-credentials-securely\/<\/a><\/li>\n<li><a href=\"https:\/\/lostechies.com\/gabrielschenker\/2016\/09\/21\/easing-the-use-of-the-aws-cli\/\">https:\/\/lostechies.com\/gabrielschenker\/2016\/09\/21\/easing-the-use-of-the-aws-cli\/<\/a><\/li>\n<li><a href=\"https:\/\/medium.com\/@hudsonmendes\/docker-have-a-ubuntu-development-machine-within-seconds-from-windows-or-mac-fd2f30a338e4\">https:\/\/medium.com\/@hudsonmendes\/docker-have-a-ubuntu-development-machine-within-seconds-from-windows-or-mac-fd2f30a338e4<\/a><\/li>\n<li><a href=\"https:\/\/unix.stackexchange.com\/questions\/60213\/gpg-asks-for-password-even-with-passphrase\">https:\/\/unix.stackexchange.com\/questions\/60213\/gpg-asks-for-password-even-with-passphrase<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Recording my test running AWS CLI in a docker image. ## get a base ubuntu image # docker pull ubuntu<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69],"tags":[],"class_list":["post-1471","post","type-post","status-publish","format-standard","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1471","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=1471"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1471\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=1471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=1471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=1471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}