docs icon indicating copy to clipboard operation
docs copied to clipboard
verified publisher icon localstack

Initialization Hooks

Open EvanGranthamBrown opened this issue 2 years ago • 0 comments

"Make sure the script is executable: run chmod +x init-aws.sh on the file first."

You should note that this script must be run on the host machine; it does not work if run inside the container.

Also, while this gets the job done, it's not a very good workaround. Having to run a chmod command on the host is not portable and... I don't know that it's an actual security risk, but it's certainly a security smell. The necessity for it is introduced by this line:

volumes:
  - "/path/to/init-aws.sh:/etc/localstack/init/ready.d/init-aws.sh"  # ready hook

By mapping a host file to /etc/localstack/init/ready.d/init-aws.sh, you make it impossible for the container to manage permissions on it. It would be better to make a copy of init-aws.sh which the container can manage. I did this with a custom Dockerfile with the line COPY --chown=localstack /path/to/init-aws.sh /etc/localstack/init/ready.d/init-aws.sh; there might be a more elegant way to do it, but this at least means your Docker setup is not dependent on how host permissions are configured.

EvanGranthamBrown avatar Jun 27 '23 18:06 EvanGranthamBrown