Add host.docker.internal to ContainerMetadataFetcher list of approved hosts #2515
Comments
Thanks for the request, @benkehoe.
Actually, in looking at the other SDKs, an inconsistency is that botocore allows 169.254.170.2 in
I believe that Java (v1) behavior is the same as Go/JavaScript:
I have solved this for now in my
This is still an issue. We are trying to access the credentials URI from a docker container in a production environment and
I should note that in addition to aws-export-credentials I made a single-purpose implementation in Go: imds-credential-server. But I'd love to see this host supported in all SDKs.
Changing this to an issue on the cross-SDK repo: aws/aws-sdk#562
ContainerMetadataFetcher currently allows three hosts for container metadata endpoints: 169.254.170.2, localhost, and 127.0.0.1. However, neither localhost nor 127.0.0.1 represents the local docker host. Instead, the host's localhost is reachable as host.docker.internal (docs). On Linux, the workaround is to use --network host, but on Mac and Windows this doesn't work (the docker network is always isolated from the host).

host.docker.internal should be added to ContainerMetadataFetcher's list of approved hosts, so that a custom metadata endpoint for testing can be run on the host rather than needing to be run in another container.
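The approved-host check this issue is about, sketched as an added example (not part of the original post and not botocore's own code): it compares a container credentials URI against the three hosts listed above and against the same list with host.docker.internal added. The function names, the scheme restriction and the sample URIs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# The three hosts the issue says are approved today.
CURRENT_HOSTS = frozenset({"169.254.170.2", "localhost", "127.0.0.1"})
# The same list with the host this issue asks for.
PROPOSED_HOSTS = CURRENT_HOSTS | {"host.docker.internal"}


def is_approved_endpoint(full_uri, approved_hosts):
    """Return True only if the URI's host is exactly one of approved_hosts."""
    try:
        parts = urlsplit(full_uri)
        host = parts.hostname  # drops userinfo and port, lowercases the name
    except ValueError:  # malformed URI, e.g. an unclosed IPv6 bracket
        return False
    # Assumption of this sketch: only http/https endpoints are accepted.
    if parts.scheme not in ("http", "https") or host is None:
        return False
    # Exact match only: no suffix, prefix or substring matching.
    return host in approved_hosts


# Constructed sample URIs (hypothetical ports and paths).
SAMPLES = [
    "http://169.254.170.2/v2/credentials/abc",
    "http://localhost:8080/creds",
    "http://host.docker.internal:9911/creds",
    "http://HOST.DOCKER.INTERNAL:9911/creds",
    "http://localhost@example.com/creds",             # userinfo is not the host
    "http://host.docker.internal.example.com/creds",  # suffix is not a match
    "ftp://localhost/creds",
]


def evaluate(samples=SAMPLES):
    """Map each URI to (approved today, approved with the proposed host)."""
    return {
        uri: (is_approved_endpoint(uri, CURRENT_HOSTS),
              is_approved_endpoint(uri, PROPOSED_HOSTS))
        for uri in samples
    }


if __name__ == "__main__":
    for uri, (now, proposed) in evaluate().items():
        print(f"{uri:48} current={now!s:5} proposed={proposed}")
```

Matching on the parsed hostname rather than on the raw string is what keeps a URI such as `http://localhost@example.com/` from passing as localhost.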