When you run a docker container locally, you can mount ~/.aws to pass AWS credentials, and similarly, you can do that with volumes in Docker Compose. Besides, there is also a secrets field. According to the document, it looks to depend on Swarm, but actually, it can run standalone. However, this is for development, and it seems to just bind the file.
version: '3'
secrets:
aws_creds:
file: ~/.aws
services:
aws_cli:
image: amazon/aws-cli:2.9.0
secrets:
- source: aws_creds
target: /root/.aws
# volumes:
# - type: bind
# source: ~/.aws
# target: /root/.aws
environment:
AWS_PROFILE: xxxx
command:
- sts
- get-caller-identity