Local: docker run
The same shape as the Docker Compose path, but expressed as a single docker run command. Pick this for one-off testing, smoke checks, or scripted deploys where you do not want a separate YAML file.
When to pick this
Section titled “When to pick this”- You want a single line that fits in a CI script.
- You do not want to manage a
docker-compose.ymlfile. - You are debugging container behavior and want to swap flags quickly.
Prerequisites
Section titled “Prerequisites”Identical to Docker Compose: a target-account role with the discovery policy, source credentials reachable via the SDK default chain, and a token or API key. Complete Pre-flight first.
Walkthrough
Section titled “Walkthrough”-
Export the role-target variables in your shell:
Terminal window export AWS_ROLE_ARN=arn:aws:iam::111122223333:role/argus-discoveryexport AWS_EXTERNAL_ID=your-external-id# plus source credentials (one of):export AWS_ACCESS_KEY_ID=AKIA...export AWS_SECRET_ACCESS_KEY=... -
Run the agent. The drawer snippet with placeholders substituted:
Terminal window docker run -d --restart unless-stopped \--name argus-agent \-v argus_agent_data:/var/lib/argus \-e ARGUS_BACKEND_URL=https://api.argusdspm.com \-e CLOUD_PROVIDER=aws \-e ENROLLMENT_TOKEN="argus_et_<your-token-here>" \-e ENROLLMENT_POOL=baseline \-e AWS_ROLE_ARN=$AWS_ROLE_ARN \-e AWS_EXTERNAL_ID=$AWS_EXTERNAL_ID \ghcr.io/argusdspm/argus-agent:stableTo pass source credentials via a mounted file instead of env vars, add:
Terminal window -v $HOME/.aws:/home/argus_agent/.aws:ro \ -
Follow logs:
Terminal window docker logs -f argus-agent
Verify
Section titled “Verify”Same log signals as the Compose path. To confirm the API key persisted:
docker exec argus-agent ls -la /var/lib/argus# expect: -rw------- argus_agent argus_agent 59 agent.keyTeardown
Section titled “Teardown”docker stop argus-agent && docker rm argus-agentdocker volume rm argus_agent_data