Where does the artifact stanza run and under what user?

Hi all,

I am trying to figure out how not to store AWS credentials in my nomad hcl file / job that is spinning up a docker container that requires an artifact from S3.

In theory this should work, if I have the default profile in place:

  artifact {
    source = "mybucket.s3-eu-west-2.amazonaws.com/myfolder/myotherfolder/myfile.tar.gz?archive=false&region=eu-west-2&aws_profile=default"
    mode = "file"
  }

I have configured the .aws/config and .aws.credentials files on the container. First in the standard user’s home dir. Later, I tried in the /root, in /local and nothing seems to work. I have also tried it on the host’s /root, since the nomad client is running as root. No joy.

Every time I am trying to run the job, I get the generic message from go-getter that pops up if your aws config is not in place:

failed to download artifact "mybucket.s3-eu-west-2.amazonaws.com/myfolder/myotherfolder/myfile.tar.gz?archive=false&region=eu-west-2&aws_profile=default": MissingRegion: could not find region configuration

I have also tried to use the “options” for the profile and region of the artifact stanza with the same results.

If I set up the .aws folder/files on the host of the nomad client and run go-getter directly without nomad in the /root it does work properly with:

./go-getter "mybucket.s3-eu-west-2.amazonaws.com/myfolder/myotherfolder/myfile.tar.gz?archive=false&region=eu-west-2&aws_profile=default" "myfile.tar"

If I stop using the profile and just use the key and region explicitly in the hcl file all is working fine, but that is something I really would like to avoid.

Can someone shed some light on what I am doing wrong?

Many thanks,
Peter
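
A check for the situation described in the post above (keys written explicitly in the job file), as an added example that is not part of the original thread: it scans a jobspec for go-getter's static-credential parameters (`aws_access_key_id`, `aws_access_key_secret`, `aws_access_token`) in artifact `source` URLs and `options` blocks. The function name, the regex-based parsing and the sample jobspec are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# go-getter S3 query parameters that carry static credentials.
SECRET_PARAMS = {"aws_access_key_id", "aws_access_key_secret", "aws_access_token"}

# Matches `key = "value"` assignments in a jobspec (simplified, not a full HCL parser).
ASSIGN_RE = re.compile(r'^\s*([A-Za-z_][\w-]*)\s*=\s*"([^"]*)"', re.MULTILINE)


def find_inline_aws_secrets(jobspec_text):
    """Return sorted (line_number, parameter) pairs for static AWS credentials."""
    findings = set()
    for match in ASSIGN_RE.finditer(jobspec_text):
        key, value = match.group(1), match.group(2)
        line_no = jobspec_text.count("\n", 0, match.start(1)) + 1
        if key == "source":
            # go-getter accepts scheme-less sources, so add one before parsing.
            url = value if "://" in value else "https://" + value
            for param in parse_qs(urlsplit(url).query, keep_blank_values=True):
                if param in SECRET_PARAMS:
                    findings.add((line_no, param))
        elif key in SECRET_PARAMS and value:
            # Same parameters supplied through the artifact "options" block.
            findings.add((line_no, key))
    return sorted(findings)


# Constructed sample jobspec: bucket names and credential values are placeholders.
SAMPLE_JOBSPEC = '''\
artifact {
  source = "mybucket.s3-eu-west-2.amazonaws.com/myfile.tar.gz?region=eu-west-2&aws_profile=default"
  mode   = "file"
}
artifact {
  source = "example-bucket.s3-eu-west-2.amazonaws.com/app.tar.gz?aws_access_key_id=AKIAEXAMPLE&aws_access_key_secret=EXAMPLESECRET"
}
artifact {
  source = "example-bucket.s3-eu-west-2.amazonaws.com/app.tar.gz"
  options {
    aws_access_token = "EXAMPLETOKEN"
  }
}
'''

if __name__ == "__main__":
    for line_no, param in find_inline_aws_secrets(SAMPLE_JOBSPEC):
        print(f"line {line_no}: static credential parameter {param}")
```

The profile-based source in the first block is not flagged; only sources or options that embed key material are.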

Hi @Peter :wave:

Which version of Nomad are you running?

I wonder if your problem is related to Cannot get S3 private bucket artifact to download · Issue #8454 · hashicorp/nomad · GitHub which was fixed in Nomad 1.0.2.

Ah, apologies, I’ve forgotten to respond since I have put this part of the project aside for a bit.

I am running the latest nomad (1.1.1).

I have set up a dev environment and am planning to add a bit of extra logging to go-getter and see what is going on (without a better idea).