AWS Batch, AWS ECR : Docker run gives an error x509: certificate signed by unknown authority

Question

To create a AWS Batch job, I am trying to create a Docker image, using the Ubuntu Linux base image.

From the Docker container, I want to write some records in AWS DynamoDB and upload some files to S3. These steps are performed by a command line program developed using Go language.

This programs works fine, on EC2 instance. When I created the Docker image, pushed to ECR and tried to use it in AWS batch, I got below error -

Post https://dynamodb.us-east-1.amazonaws.com/: x509: certificate signed by unknown authority

Here is the relevant portion of my Dockerfile

#Download base image ubuntu 16.04
FROM ubuntu:16.04

# Update Software repository
RUN apt-get update

ADD myProgram /usr/local/bin/myProgram

WORKDIR /tmp
USER nobody
ENTRYPOINT ["/usr/local/bin/myProgram"]

Are there any additional packages I need to install on the Ubuntu Docker image?

Answer 1

If you are using multi-stage docker build, you can implement the code as mentioned below

FROM golang:1.16.5 AS builderStep

# Install Certificate
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates

FROM scratch AS app

# Copy Certificate
COPY --from=builderStep /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

COPY --from=builderStep /my/source/code/ .

Answer 2

seems like similar issue from GitHub page from aws go-SDK.

Install ca-certificates in the Docker image.

FROM ubuntu:16.04
# Update Software repository
RUN apt-get update
RUN apt-get install -y ca-certificates