forked from awslabs/amazon-ecs-local-container-endpoints
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.localstack.yml
77 lines (73 loc) · 2.9 KB
/
docker-compose.localstack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
version: "2"
networks:
# This is the default network. It is used for normal inter-container
# communications.
default:
driver: bridge
ipam:
driver: default
# This special network is configured so that the local metadata
# service can bind to the specific IP address that ECS uses
# in production
credentials_network:
driver: bridge
ipam:
config:
- subnet: "169.254.170.0/24"
gateway: 169.254.170.1
services:
# This container simulates IAM and STS and vends (fake) credentials
localstack:
environment:
- DEFAULT_REGION=us-east-1
- SERVICES=iam,sts
image: localstack/localstack
networks:
- default
ports:
- '4592:4592'
- '4593:4593'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# This container vends credentials to your containers by obtaining (fake)
# credentials from the localstack container. Take note that a real AWS account
# is not necessary when using these simulated endpoints.
ecs-local-endpoints:
# The Amazon ECS Local Container Endpoints Docker Image
image: amazon/amazon-ecs-local-container-endpoints
depends_on:
- localstack
volumes:
# Mount /var/run so we can access docker.sock and talk to Docker
- /var/run:/var/run
environment:
# The simulated IAM and STS endpoints will accept any access key
# and secret key. These values may simply be left as dummy values.
- AWS_ACCESS_KEY_ID=accessKey
- AWS_REGION=us-east-1
- AWS_SECRET_ACCESS_KEY=secretAccessKey
- IAM_CUSTOM_ENDPOINT=http://localstack:4593
- STS_CUSTOM_ENDPOINT=http://localstack:4592
networks:
# This is connected to both networks. This makes Local Endpoints
# accessible on the well-known IP address, and it enables communication
# with the localstack container.
credentials_network:
# This special IP address is recognized by the AWS SDKs and AWS CLI
ipv4_address: "169.254.170.2"
default:
# Here we configure the application container that we are testing
# You can test multiple containers at a time, simply duplicate this section
# and customize it for each container, and give it a unique IP in 'credentials_network'.
app:
depends_on:
- ecs-local-endpoints
networks:
credentials_network:
ipv4_address: "169.254.170.3"
environment:
- AWS_DEFAULT_REGION=us-east-1
# This ENV VAR enables credentials
- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=/creds
# Enables V3 Metadata
- ECS_CONTAINER_METADATA_URI=http://169.254.170.2/v3