Introduction
Here is a simple example of running Mountpoint for Amazon S3 from inside a container.
Created with information as of 3/21/2023 (version: 0.2.0-b8363a4).
Mountpoint for Amazon S3 is currently in alpha release and should not be used in production workloads.
The container image is also available in the ECR Public gallery.
Dockerfile
# Build stage: compile mount-s3 from source.
FROM rust:1.68.0 AS build
RUN apt-get update && apt-get install -y \
    clang \
    cmake \
    curl \
    fuse \
    git \
    libfuse-dev \
    pkg-config \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
    && git clone --recurse-submodules https://github.com/awslabs/mountpoint-s3.git \
    && cd mountpoint-s3 \
    && cargo build --release

# Runtime stage: only the binary, CA certificates, FUSE and sudo.
FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y \
    ca-certificates \
    libfuse-dev \
    sudo \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
COPY --from=build /mountpoint-s3/target/release/mount-s3 /usr/local/bin/mount-s3
# 755 rather than 777: the binary is run through sudo, so it must not be writable by other users.
RUN chmod 755 /usr/local/bin/mount-s3
# Unprivileged user with passwordless sudo, used to run the mount as root.
RUN useradd -ms /bin/bash mount-s3-user \
    && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
    && adduser mount-s3-user sudo
USER mount-s3-user
Getting started
Image Build
docker image build -t mount-s3:latest .
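Run
docker container run --privileged --rm -it mount-s3:latest bash
The --privileged flag is what gives the container access to /dev/fuse and the ability to mount. It also grants every other capability and host device, so treat this as a setup for verification only.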
Enjoy
mount-s3-user@ce43831fda04:~$ sudo mount-s3 <bucket_name> /mnt --allow-other --region ap-northeast-1
mount-s3-user@ce43831fda04:~$ ls -l /mnt/test.json
-rw-r--r-- 1 root root 306424 Feb 21 02:42 /mnt/test.json
Docker on EC2 considerations
If you use an EC2 IAM role for AWS credentials, increasing the IMDSv2 hop limit from 1 to 2 in the instance metadata options is recommended.
In a container environment, if the hop limit is 1, the IMDSv2 response does not return, because going to the container is considered an additional network hop. To avoid falling back to IMDSv1 and the resulting delay, we recommend setting the hop limit to 2 in a container environment:
aws ec2 modify-instance-metadata-options \
--instance-id i-xxxxxxxxxxxxxxxxx \
--http-put-response-hop-limit 2 \
--http-endpoint enabled
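A check to run after changing the hop limit, as an added example that is not part of the original post or the Mountpoint project. It reads the three metadata options as printed by `aws ec2 describe-instances` and also flags an instance that still accepts IMDSv1; the function name, the message wording and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Input: the three whitespace-separated fields printed by (placeholder instance id):
#   aws ec2 describe-instances --instance-ids i-xxxxxxxxxxxxxxxxx --output text \
#     --query 'Reservations[0].Instances[0].MetadataOptions.[HttpEndpoint,HttpTokens,HttpPutResponseHopLimit]'

# check_imds_options <HttpEndpoint> <HttpTokens> <HttpPutResponseHopLimit>
# Prints one finding per line. Returns 0 when IMDSv2 is enforced and reachable
# from a container, 1 when there are findings, 2 when the input is unusable.
check_imds_options() {
    _endpoint=${1:-}; _tokens=${2:-}; _hops=${3:-}; _rc=0

    # The hop limit must be a plain non-negative integer.
    case "$_hops" in
        ''|*[!0-9]*) echo "ERROR unparseable hop limit: '$_hops'"; return 2 ;;
    esac

    if [ "$_endpoint" != "enabled" ]; then
        echo "FAIL HttpEndpoint=$_endpoint: IMDS is off, no role credentials available"
        _rc=1
    fi
    if [ "$_hops" -lt 2 ]; then
        echo "FAIL HttpPutResponseHopLimit=$_hops: IMDSv2 token response will not reach the container"
        _rc=1
    fi
    if [ "$_tokens" != "required" ]; then
        echo "WARN HttpTokens=$_tokens: IMDSv1 is still accepted, consider --http-tokens required"
        _rc=1
    fi
    if [ "$_rc" -eq 0 ]; then
        echo "OK IMDSv2 enforced and reachable from containers"
    fi
    return "$_rc"
}

# Constructed sample lines (not captured from a real account).
SAMPLE_BEFORE="enabled optional 1"    # assumed state before the change
SAMPLE_AFTER="enabled optional 2"     # hop limit raised, HttpTokens left untouched
SAMPLE_HARDENED="enabled required 2"  # hop limit raised and IMDSv2 enforced

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER" "$SAMPLE_HARDENED"; do
    echo "== $sample"
    # Unquoted on purpose: split the sample line into three arguments.
    check_imds_options $sample || true
done
```

On a real instance, pass the command's output directly: `check_imds_options $(aws ec2 describe-instances ...)`.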
I hope this will be of help to someone else.
GitHub Repo
container-mountpoint-s3
This is a simple container image to verify the operation of Mountpoint for Amazon S3 in a container environment.