When you run a docker container locally, you can mount ~/.aws to pass AWS credentials, and similarly, you can do that with volumes in Docker Compose. Besides, there is also a secrets field. According to the document, it looks to depend on Swarm, but actually, it can run standalone. However, this is for development, and it seems to just bind the file.
version: '3' secrets: aws_creds: file: ~/.aws services: aws_cli: image: amazon/aws-cli:2.9.0 secrets: - source: aws_creds target: /root/.aws # volumes: # - type: bind # source: ~/.aws # target: /root/.aws environment: AWS_PROFILE: xxxx command: - sts - get-caller-identity