Instructions needed - Running docker with credentials

[ford-at-aws]

When credentials are installed successfully on the MacOS environment, you get this response from running a random Amazon Linux container:

➜  git:(aws-nuke) ✗ docker run --rm -it \
  -v /Users/fprior/.aws/credentials:/root/.aws/credentials \
  amazon/aws-cli:latest \
  sts get-caller-identity

You get this response, showing the credentials are successfully found and used within the container:

{
    "UserId": "AROA122344566890OGAC:my-user",
    "Account": "123456789101",
    "Arn": "arn:aws:sts::123456789101:assumed-role/admin"
}

However, when I run the following aws-nuke container image, I get an error.

The command:

➜  git:(aws-nuke) ✗ docker run \                      
  -v $HOME/nuke_generic_config.yaml:/nuke-config.yaml \
  -v /$HOME/.aws/credentials:/root/.aws/credentials \
  ghcr.io/ekristen/aws-nuke:v3.42.0 \
  run --config /nuke-config.yaml \
  123456789101

The error, which appears to come from within the aws-nuke library:

time="2025-01-08T17:04:42Z" level=fatal msg="failed get caller identity: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"

My account ID is 123456789101. Is there a recommended way to pass credentials to the container image? If so, can we document them?

[ekristen]

AWS nuke doesn't run as root by default in the docker image, it runs as non-root user aws-nuke so that's likely your problem.

Anything supported by the AWS SDK including profiles, config files and then additional environment variables are supported, please see https://aws-nuke.ekristen.dev/auth/ and let me know if anything is missing.