Connecting to LocalStack From Local Docker App Container

by

For doing dev testing of my application, I use LocalStack. It is really helpful in creating AWS cloud stack locally. That cuts cost for local development & testing. Also it is easier for developers to remove any DevOps dependency for credentials & IAM accounts while developing. Once LocalStack is successfully installed, we can access AWS services like SQS or DynamoDB within the local machine. We  just need to set some dummy values for AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY environment variables. I am using Ubuntu & that is easy to do.

Now the issue came up when I deployed my application as a docker container in my local docker daemon. When I tried to access AWS services from inside the docker container, I got following exception:

“exception”:”com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, com.amazonaws.auth.profile.ProfileCredentialsProvider@50fcd83a: profile file cannot be null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@68827b2b: Failed to connect to service endpoint: ]

Solution:

The problem is that docker container is not able to find out the environment variable for AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY. We can solve it using below command for starting docker container:
 
docker run -e AWS_ACCESS_KEY_ID=XXXXXXXXXXXX1 -e AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXX2  <image>

Basically we are passing env variables with docker run command. Remember, this is only for testing and we are using dummy credentials for LocalStack. Do not pass AWS crdenetials this way when you are using actual real credentials. In stage or prod evnvironments you can use IAM role for service accounts.

Leave a Comment