I have the following lines in my Dockerfile:
RUN aws sts assume-role-with-web-identity \
--role-arn ${AWS_ROLE_ARN} \
--role-session-name "test" \
--web-identity-token "$(cat /tmp/tokenfile)" \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text | awk '{print "export AWS_ACCESS_KEY_ID="$1"\nexport AWS_SECRET_ACCESS_KEY="$2"\nexport AWS_SESSION_TOKEN="$3}' \
&& aws s3 ls
Unfortunately, I got the following error when trying to run aws s3 ls:
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
I took the temporary credentials and used them locally, and they work without problem.
The workaround I tried is to redirect the access key, secret access key and session token to the .aws/credentials file instead of creating env vars, and it works. But for security reasons I don't want to redirect the output to a file.
Do you have any advice regarding my issue?
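The following is an added example, not code from the question: a POSIX sh helper that takes the single tab-separated line produced by `aws sts assume-role-with-web-identity ... --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text` and exports the three values into the current shell, so nothing is written to disk. In the RUN step above, the awk pipeline only prints the `export ...` lines to stdout, so the subsequent `aws s3 ls` still runs without any credentials in its environment. The STS output used here is a constructed placeholder string (no real credentials), and the function and variable names are this example's own. Note that exported variables live only for the duration of the shell that runs that one RUN step, so the STS call and the AWS command that needs its credentials have to sit in the same RUN instruction.

```shell
#!/bin/sh
# Added example (not from the original post): parse the one-line, tab-separated
# output of `aws sts assume-role-with-web-identity ... --output text` and export
# the three values into the *current* shell, without writing them to a file.

# Constructed stand-in for the STS output; the values are placeholders, not real credentials.
TAB="$(printf '\t')"
SAMPLE_STS_OUTPUT="ASIAEXAMPLEPLACEHOLDER${TAB}examplesecretkeyplaceholder${TAB}exampletokenplaceholder"

# Export AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN from one line
# of text output. `read` is fed by a here-document so the assignments happen in this
# shell; `cmd | read ...` would run in a subshell and the variables would vanish, which
# is the same reason a pipeline that merely prints "export ..." lines changes nothing.
export_sts_credentials() {
  IFS="$TAB" read -r key secret token <<EOF
$1
EOF
  if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ]; then
    echo "export_sts_credentials: expected three tab-separated fields" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$key" AWS_SECRET_ACCESS_KEY="$secret" AWS_SESSION_TOKEN="$token"
  unset key secret token
}

# Returns 0 only when all three variables are set, so a build step can fail fast
# instead of calling AWS with an empty environment and getting AccessDenied.
sts_env_is_set() {
  [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ] && [ -n "${AWS_SESSION_TOKEN:-}" ]
}

# Typical use inside a single RUN step (with the real aws call in place of the sample):
#   export_sts_credentials "$(aws sts assume-role-with-web-identity ... --output text)" && aws s3 ls
export_sts_credentials "$SAMPLE_STS_OUTPUT" && sts_env_is_set && echo "credentials exported into this shell"
```

Because the variables are exported in the shell of that RUN step, they are never persisted in an image layer, whereas a redirect into .aws/credentials leaves the secret in the layer even if a later step deletes the file.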