0

For example: upon launching my EC2 instance, I would like to automatically run docker login so I can pull a private image from Docker Hub and run it. To log in to Docker Hub I need to input a username and password, and this is what I would like to automate but haven't been able to figure out how. I do know that you can pass in a script to be run on launch via User Data. The issue is that my script expects input and I would like to automate entering that input.

Thanks in advance!

3 Answers

1

If just entering a password for docker login is your problem then I would suggest searching for a manual for docker login. 30 secs on Google gave me this link:

https://docs.docker.com/engine/reference/commandline/login/

It suggests something of the form

docker login --username foo --password-stdin < ~/my_password.txt

Which will read the password from a file my_password.txt in the current user's home directory.


0

Seems like the easiest solution for you here is to modify your script to accept command line parameters, and pass those in with the UserData string.

Keep in mind that this will require you to change your launch configs every time your password changes.

The better solution here is to store your containers in ECS, and let AWS handle the authentication for you (as far as pulling the correct containers from a repo).

Your UserData then turns into something along these lines:

#!/bin/bash
mkdir -p /etc/ecs
rm -f /etc/ecs/ecs.config # cleans up any old files on this instance
echo ECS_LOGFILE=/log/ecs-agent.log >> /etc/ecs/ecs.config
echo ECS_LOGLEVEL=info >> /etc/ecs/ecs.config
echo ECS_DATADIR=/data >> /etc/ecs/ecs.config
echo ECS_CONTAINER_STOP_TIMEOUT=5m >> /etc/ecs/ecs.config
echo ECS_CLUSTER=<your-cluster-goes-here> >> /etc/ecs/ecs.config

docker pull amazon/amazon-ecs-agent
docker run --name ecs-agent --detach=true --restart=on-failure:10 --volume=/var/run/docker.sock:/var/run/docker.sock --volume=/var/log/ecs/:/log --volume=/var/lib/ecs/data:/data --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro --volume=/var/run/docker/execdriver/native:/var/lib/docker/execdriver/native:ro --publish=127.0.0.1:51678:51678 --env-file=/etc/ecs/ecs.config amazon/amazon-ecs-agent:latest

You may or may not need all the volumes specified above. This setup lets the AWS ecs-agent handle your container orchestration for you.


0

Below is what I could suggest at this moment -

  1. Create an S3 bucket, i.e. mybucket.
  2. Put a text file (doc_pass.txt) with your password into that S3 bucket.
  3. Create an IAM policy which has GET access to just that particular S3 bucket and add this policy to the EC2 instance role.
  4. Put the script below in your user data -

     aws s3 cp s3://mybucket/doc_pass.txt doc_pass.txt
     cat doc_pass.txt | docker login --username=YOUR_USERNAME --password-stdin
    

This way you just need to make your S3 bucket secure, and no secrets get displayed in the user data.

1 Comment

Never used it. But as suggested, I have fixed it now. Quite similar to your answer except it fetches the creds from S3.
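A variant of the S3 approach in the last answer that streams the password straight into docker login instead of saving doc_pass.txt on the instance. This is an added example, not code from any of the answers; the function name docker_login_from_s3 is hypothetical and the bucket, key and user names are placeholders.

```bash
#!/bin/bash
# Added example, not code from the answers above.
# Assumes the instance role may read the one S3 object that holds the password.
set -eu

# Log in to the registry with a password streamed from S3.
# The password is never written to disk, never placed in the user data
# and never passed as a command-line argument.
docker_login_from_s3() {
    local bucket="$1"
    local key="$2"
    local user="$3"
    local password

    # "aws s3 cp <uri> -" writes the object to stdout. Capturing it first
    # lets a failed or empty download stop the script before docker runs.
    if ! password=$(aws s3 cp "s3://${bucket}/${key}" -); then
        echo "docker-login: cannot read s3://${bucket}/${key}" >&2
        return 1
    fi
    if [ -z "$password" ]; then
        echo "docker-login: secret object is empty" >&2
        return 1
    fi

    # printf is a shell builtin, so the password does not show up in the
    # process list; docker receives it on stdin only.
    printf '%s' "$password" | docker login --username "$user" --password-stdin
}

# At the end of the user data script, call it with your own values, e.g.:
#   docker_login_from_s3 mybucket doc_pass.txt YOUR_USERNAME
```

Do not enable shell tracing (set -x) around the call, since the expanded printf line would then land in the instance's boot log.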
