You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm having trouble accessing AWS IAM credentials from within my dockerised shiny-server environment. I'm deploying my shiny server container to ECS but am unable to access services such as s3 despite having the proper IAM permissions.
I can attach a volume to the docker container to manually move the credentials file over:
volumes:
- $HOME/.aws/:/home/shiny/.aws/:ro
But this is not practical in production. I can access the IAM credentials when running the app without using shiny-server
by running the docker file like this:
But then I can't run the app on the path I want and it isn't as stable.
How can I access the AWS credentials from within shiny-server?
shiny-server.sh
#!/bin/sh
# Make sure the directory for individual app logs exists
mkdir -p /var/log/shiny-server
chown shiny.shiny /var/log/shiny-server
if [ "$APPLICATION_LOGS_TO_STDOUT" != "false" ];
then
# push the "real" application logs to stdout with xtail in detached mode
exec xtail /var/log/shiny-server/ &
fi
# start shiny server
exec shiny-server 2>&1
shiny-server.conf
# Define the user we should use when spawning R Shiny processes
run_as shiny;
# Define a top-level server which will listen on a port
server {
# Instruct this server to listen on port 80. The app at dokku-alt need expose PORT 80, or 500 e etc. See the docs
listen 3838;
# Define the location available at the base URL
location / {
# Run this location in 'site_dir' mode, which hosts the entire directory
# tree at '/srv/shiny-server/app'
site_dir /srv/shiny-server/app;
# Define where we should put the log files for this location
log_dir /var/log/shiny-server;
# Should we list the contents of a (non-Shiny-App) directory when the user
# visits the corresponding URL?
directory_index on;
}
Dockerfile
FROM rocker/shiny-verse:latest
# system libraries of general use
RUN apt-get update && apt-get install -y \
....
RUN apt-get update
# Install R packages that are required
# TODO: add further package if you need!
RUN ["install2.r", "paws", "...", ...]
RUN rm -r /srv/shiny-server/*
COPY shiny-server.sh /usr/bin/shiny-server.sh
# copy the app to the image
RUN mkdir /srv/shiny-server/my_app
COPY ./my_app /srv/shiny-server/my_app/
# select port
EXPOSE 3838
# run app
CMD ["/usr/bin/shiny-server.sh"]
The text was updated successfully, but these errors were encountered:
When running on ECS, does your container have one or both of the following environment variables?
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
AWS_CONTAINER_CREDENTIALS_FULL_URI
If so, I think if we add a way for you to specify that Shiny Server should pass through those environment variables to the R process, that might do the trick. (See also #409)
I'm having trouble accessing AWS IAM credentials from within my dockerised shiny-server environment. I'm deploying my shiny server container to ECS but am unable to access services such as s3 despite having the proper IAM permissions.
I can attach a volume to the docker container to manually move the credentials file over:
But this is not practical in production. I can access the IAM credentials when running the app without using shiny-server
by running the docker file like this:
But then I can't run the app on the path I want and it isn't as stable.
How can I access the AWS credentials from within shiny-server?
shiny-server.sh
shiny-server.conf
Dockerfile
The text was updated successfully, but these errors were encountered: