Open danielsaporo opened 2 years ago
Not sure if I completely understand, but cartography uses boto3 for AWS calls and boto3 uses both env vars and files with this order of precedence: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials
If you are able to pass env vars to the Dockerfile, then cartography will create the default boto3 session here: https://github.com/lyft/cartography/blob/739187096a012a56888b598da6799c24c561e669/cartography/intel/aws/__init__.py#L201 which will then detect creds based on the order in the link above.
Please let me know if I missed something but I don't think we do anything to specifically require files.
> If you are able to pass env vars to the Dockerfile
I've tried that, and it doesn't work, because there are several places that create the boto3 Session with a profile, e.g.:
That's what I meant by "Cartography's reliance on AWS profiles" earlier.
Ah, now I understand.
Unfortunately I can't commit to working on this, but I am supportive of accepting and merging in a PR that enables this scenario as long as the existing profile-reliant flow remains intact.
Side note: As additional reference, here are our setup instructions where they do say the config file profiles are necessary: https://lyft.github.io/cartography/modules/aws/config.html#modules-aws-config--page-root. The PR would have to update this as well.
It's quite convenient for various reasons to run Cartography inside a Docker container. When doing so, the obvious question becomes how to pass in the AWS region and credentials.
One way to do this is to mount the `.aws` folder containing config and credentials into the container. This works. Another option could be to pass in the necessary configuration/credentials as environment variables. This includes:
Unfortunately, this doesn't work because of Cartography's reliance on AWS profiles, which seem to be native to the configuration/credentials file.
It would be nice if Cartography could be made to work by passing the necessary configuration/credentials as environment variables, even if this might restrict it to a single account.
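The behaviour this thread turns on is boto3's credential precedence (explicit profile, then environment variables, then the shared credentials file) and the fact that a call site which hard-codes `profile_name` never consults the environment at all. The following is an added, dependency-free model of that chain written for this page; it is not code from Cartography, boto3 or botocore. It models only the `~/.aws/credentials` format (`[name]` sections), the function names are assumptions, and the sample file, environment and profile name `cartography-account` are constructed with AWS's documented example key pairs.

```python
import configparser
from dataclasses import dataclass
from typing import Dict, Mapping, Optional


@dataclass(frozen=True)
class Credentials:
    access_key: str
    secret_key: str
    source: str  # "env" or "profile:<name>", so callers can see which provider won


class ProfileNotFound(Exception):
    """Raised when a requested profile is absent from the shared credentials file."""


class NoCredentials(Exception):
    """Raised when no provider in the chain could supply credentials."""


def parse_credentials_file(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the ~/.aws/credentials format: INI with one [profile-name] section per profile."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def _from_profile(name: str, credentials_file: str) -> Credentials:
    profiles = parse_credentials_file(credentials_file)
    if name not in profiles:
        raise ProfileNotFound(f"profile '{name}' not found in shared credentials file")
    section = profiles[name]
    return Credentials(section["aws_access_key_id"],
                       section["aws_secret_access_key"],
                       f"profile:{name}")


def resolve_credentials(profile_name: Optional[str] = None,
                        env: Optional[Mapping[str, str]] = None,
                        credentials_file: str = "") -> Credentials:
    """Model (assumption, simplified) of the boto3/botocore provider chain.

    1. An explicitly passed profile_name forces the shared file; the environment
       provider is skipped entirely, so env-var credentials are never seen.
    2. Otherwise AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from the environment win.
    3. Otherwise the shared file is consulted, using AWS_PROFILE or 'default'.
    """
    env = dict(env or {})
    if profile_name is not None:
        return _from_profile(profile_name, credentials_file)
    if "AWS_ACCESS_KEY_ID" in env and "AWS_SECRET_ACCESS_KEY" in env:
        return Credentials(env["AWS_ACCESS_KEY_ID"], env["AWS_SECRET_ACCESS_KEY"], "env")
    name = env.get("AWS_PROFILE", "default")
    try:
        return _from_profile(name, credentials_file)
    except ProfileNotFound:
        raise NoCredentials("no credentials in environment and no usable profile") from None


def outcome(**kwargs) -> str:
    """Return the winning source, or the exception name, for a given setup."""
    try:
        return resolve_credentials(**kwargs).source
    except (ProfileNotFound, NoCredentials) as exc:
        return type(exc).__name__


# Constructed sample file and container environment (AWS's documented example keys).
SAMPLE_CREDENTIALS_FILE = """
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[cartography-account]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
"""
CONTAINER_ENV = {
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "AWS_DEFAULT_REGION": "us-east-1",
}

if __name__ == "__main__":
    # Container with env vars only and no ~/.aws mounted: a default session works...
    print("default session, env only:", outcome(env=CONTAINER_ENV))
    # ...but a call site that hard-codes a profile fails, which is what this issue reports.
    print("Session(profile_name=...), env only:",
          outcome(profile_name="cartography-account", env=CONTAINER_ENV))
    # Mounting the credentials file restores the profile-based flow.
    print("Session(profile_name=...), file mounted:",
          outcome(profile_name="cartography-account", env=CONTAINER_ENV,
                  credentials_file=SAMPLE_CREDENTIALS_FILE))
```

The practical consequence for a container-only deployment is the middle case: credentials are present in the environment, but every `Session(profile_name=...)` call site bypasses them and then fails because no shared file exists. A fix that keeps the existing profile flow intact would only pass `profile_name` when one is actually configured and otherwise build the default session, so that `AWS_PROFILE` (with a mounted file) and plain `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` (without one) both resolve through the normal chain.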