circleci-public / aws-cli-orb Goto Github PK
View Code? Open in Web Editor NEWInstall and configure the AWS command-line interface (awscli)
Home Page: https://circleci.com/orbs/registry/orb/circleci/aws-cli
License: MIT License
Install and configure the AWS command-line interface (awscli)
Home Page: https://circleci.com/orbs/registry/orb/circleci/aws-cli
License: MIT License
Recently I realized the new pipelines cannot install AWS-CLI anymore:
Collecting awscli
Downloading https://files.pythonhosted.org/packages/10/00/fc506c3bbeaec4ab4da4c33194582b85e0e0d6452a6f14aba6fff66c6b33/awscli-1.19.48.tar.gz (1.4MB)
100% |████████████████████████████████| 1.4MB 761kB/s eta 0:00:01
Exception:
Traceback (most recent call last):
File "/opt/circleci/.pyenv/versions/2.7.12/lib/python2.7/site-packages/pip/basecommand.py", line 209, in main
status = self.run(options, args)
File "/opt/circleci/.pyenv/versions/2.7.12/lib/python2.7/site-packages/pip/commands/install.py", line 299, in run
requirement_set.prepare_files(finder)
File "/opt/circleci/.pyenv/versions/2.7.12/lib/python2.7/site-packages/pip/req/req_set.py", line 360, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File "/opt/circleci/.pyenv/versions/2.7.12/lib/python2.7/site-packages/pip/req/req_set.py", line 647, in _prepare_file
set(req_to_install.extras) - set(dist.extras)
File "/opt/circleci/.pyenv/versions/2.7.12/lib/python2.7/site-packages/pip/_vendor/pkg_resources/__init__.py", line 2810, in extras
return [dep for dep in self._dep_map if dep]
File "/opt/circleci/.pyenv/versions/2.7.12/lib/python2.7/site-packages/pip/_vendor/pkg_resources/__init__.py", line 2624, in _dep_map
dm.setdefault(extra,[]).extend(parse_requirements(reqs))
File "/opt/circleci/.pyenv/versions/2.7.12/lib/python2.7/site-packages/pip/_vendor/pkg_resources/__init__.py", line 2980, in parse_requirements
"version spec")
File "/opt/circleci/.pyenv/versions/2.7.12/lib/python2.7/site-packages/pip/_vendor/pkg_resources/__init__.py", line 2956, in scan_list
raise RequirementParseError(msg, line, "at", line[p:])
RequirementParseError: Expected ',' or end-of-list in rsa>=3.1.2,<=4.5.0; python_version=="2.7" at ; python_version=="2.7"
You are using pip version 8.1.1, however version 21.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Exited with code exit status 2
If you check the file name that it tries to install is awscli-1.19.48.tar.gz
and it cannot be installed but when I check the old pipelines the candidate file to be installed is awscli-1.19.44-py2.py3-none-any.whl
Any Idea?
Enable support for ARM-based installation and execution for CircleCI's upcoming ARM build fleet.
CircleCI ARM build fleet: https://www2.circleci.com/arm.html
I use orb:
- aws-cli/setup:
aws-region: << parameters.aws-region >>
role-arn: << parameters.aws-role-arn >>
I receive in logs:
#!/bin/bash -eo pipefail
PARAM_ROLE_SESSION_NAME=$(eval echo "${PARAM_ROLE_SESSION_NAME}")
# shellcheck disable=SC2086,SC2034
read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<<"$(aws sts assume-role-with-web-identity \
--role-arn ${PARAM_AWS_CLI_ROLE_ARN} \
--role-session-name ${PARAM_ROLE_SESSION_NAME} \
--web-identity-token ${CIRCLE_OIDC_TOKEN} \
--duration-seconds ${PARAM_SESSION_DURATION} \
--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
--output text)"
{
echo "export AWS_ACCESS_KEY_ID=\"${AWS_ACCESS_KEY_ID}\""
echo "export AWS_SESSION_TOKEN=\"${AWS_SESSION_TOKEN}\""
echo "export AWS_SECRET_ACCESS_KEY=\"${AWS_SECRET_ACCESS_KEY}\""
} >>"$BASH_ENV"
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
Unknown options: on, dev-adam, chart
I think that steps should fail when it failed to obtain token (it fails silently on CI). Also there is missing escape around "PARAM_ROLE_SESSION_NAME", so my job with space fails.
In addiction, I suggest you to:
AWS_WEB_IDENTITY_TOKEN_FILE
If the awscli
is already present (i.e. aws
is in PATH), the Install AWS CLI
step will still check for the presence of pip
and sudo
The step should see that the command is present and exit successfully.
The above issue refers to a bug in this orb.
config.yml
version: 2.1
orbs:
aws-s3: circleci/[email protected]
jobs:
build:
docker:
- image: circleci/node
steps:
- aws-s3/copy:
...
ext/_yaml.c:4:20: fatal error: Python.h: No such file or directory
#include "Python.h"
^
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
We run all our CI steps with set -u
, which errors if a variable is not initialized. The following variables need to be initialized:
AWS_CLI_VER_STRING
Add an option to configure region for the specific profile instead of default.
Please see my PR #64
Using the orb in a plain centos:7
docker image fails.
+ case $SYS_ENV_PLATFORM in
+ curl -sSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip
+ unzip -q -o awscliv2.zip
/bin/bash: line 40: unzip: command not found
It would be nice if the documentation could list the commands required. Or this error should just be expected, and this ticket can be closed
When building from image circleci/elixir:1.12-node (which is based of debian buster - current stable)
the step
aws-cli/setup:
version: '1'
fails with
Unsupported Python version detected: Python 2.7
To continue using this installer you must use Python 3.6 or later.
For more information see the following blog post: https://aws.amazon.com/blogs/developer/announcing-end-of-support-for-python-2-7-in-aws-sdk-for-python-and-aws-cli-v1/
The image has python 2.7 aliased as python and python 3.7 aliased as python3 but apparently the setup script is choosing 2.7
As https://docs.amazonaws.cn/en_us/cli/latest/userguide/install-linux.html states
Python 2.7 was deprecated by the Python Software Foundation on January 1, 2020. Going forward, customers using the Amazon CLI version 1 should transition to using Python 3, with a minimum of Python 3.6. Python 2.7 support is deprecated for new versions of the Amazon CLI version 1 starting 7/15/2021.
It probably coincides with the recent release of awscli 1.20 (released 7/15/2021)
The Install AWS CLI
script checks for the presence of sudo
in PATH, even if already running as root.
The script should skip checking for sudo if already running as root
.
The default cimg python version in the executor is 3.8-node
: https://github.com/CircleCI-Public/aws-cli-orb/blob/v1.3.1/src/executors/default.yml#L8
Why?
Thanks 🙏
recently upgraded to the latest orb version and started having issues with passing profile name using an environment variable stored in CircleCI Context.
my config:
version: 2.1
orbs:
aws-cli: circleci/[email protected]
jobs:
deploy:
steps:
- aws-cli/install
- aws-cli/setup:
profile-name: $DEPLOY_PROFILE_NAME
when I rerun the job with SSH enabled and I run cat ~/.aws/config
I get this:
[default]
region = us-east-1
[profile $DEPLOY_PROFILE_NAME]
region = us-east-1
this used to work with v0.1.13
of the Orb which is no longer supported due to Python 2.7 depreciation by AWS CLI.
is there any workarounds/better approaches/solution to this issue?
Hi, when running this Orb command (setup), I'm getting this error:
aws configure set aws_access_key_id
$AWS_ACCESS_KEY_ID
--profile default
usage: aws [options] [ ...] [parameters]
To see help text, you can run:
aws help
aws help
aws help
aws: error: too few arguments
Thanks !
aws-cli-orb/src/commands/setup.yml
Line 84 in 17ebc09
Generates what appears to be an incorrect ~/.aws/config. You can reproduce it locally like this:
# rename an existing ~/.aws/config so you can put it back after
$ aws configure set region us-west-2 --profile default
$ cat ~/.aws/config
[profile default]
region = us-west-2
According to the AWS Docs the command for default should be set default.region
with no profile param. Local commands and correct output look like this:
$ aws configure set default.region us-west-2
$ cat ~/.aws/config
[default]
region = us-west-2
The change from configure
to setup
probably should have resulted in more than a point release, because now all my circleci/[email protected]
workflows are broken.
It's not a huge deal, and I can fix them easily. I just think it's worth thinking about in future releases.
Use type
instead, which is a bash built-in
Currently, the aws bundle is being unzipped in the current directory. In v1 of the orb (15c10a7), the orb cd
'd into /tmp
first
The newly introduced setup
parameter role_arn
can only be used together with static credentials to assume the role.
See: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html -> role_arn
This is not possible with the Orb right now as neither credential_source
nor source_profile
can be configured.
I worked around that by these steps, which create a default
profile with credentials, a named profile codeartifact
with a role_arn
setting and finally I add the source_profile
to be default
to retrieve the static credentials.
Please note that all AWS commands have to have the --profile codeartifact
parameter later on (missing from the docs).
steps:
- aws-cli/setup
- aws-cli/setup:
profile-name: codeartifact
role-arn: "arn:aws:iam::0123456789:role/foo-bar"
- run:
name: fix aws cli setup
command: aws configure set profile.codeartifact.source_profile default
- run:
name: Codeartifact login
command: >
aws codeartifact login
--profile codeartifact
credential_source
The only possible value would be Environment
– Specifies that the AWS CLI is to retrieve source credentials from environment variables.
But this renders the writing of credentials to the ~/.aws/credentials
file useless
source_profile
better option where logic must be added to the orb to
profile-name
is to be useddefault
profileprofile-name
profile wo/ credentialsdefault
profile as source_profile
WDYT?
The command and error are:
aws ecs register-task-definition --cli-input-json file://./tmp/task-definition.json --network-mode awsvpc --requires-compatibilities FARGATE --region ********* --family se-dev-2699
Parameter validation failed:
Unknown parameter in containerDefinitions[6]: "firelensConfiguration", must be one of: name, image, repositoryCredentials, cpu, memory, memoryReservation, links, portMappings, essential, entryPoint, command, environment, mountPoints, volumesFrom, linuxParameters, secrets, dependsOn, startTimeout, stopTimeout, hostname, user, workingDirectory, disableNetworking, privileged, readonlyRootFilesystem, dnsServers, dnsSearchDomains, extraHosts, dockerSecurityOptions, interactive, pseudoTerminal, dockerLabels, ulimits, logConfiguration, healthCheck, systemControls, resourceRequirements
My setup looks like this:
version: 2.1
orbs:
docker: circleci/[email protected]
aws-cli: circleci/[email protected]
jobs:
deploy:
executor: docker/machine
steps:
- aws-cli/setup:
aws-access-key-id: QA_AWS_ACCESS_KEY_ID
aws-secret-access-key: QA_AWS_SECRET_ACCESS_KEY
aws-region: QA_AWS_REGION
- run: scripts/build
scripts/build is creating a TaskDefinition in ECS with a Firelens a log adapter. This new AWS option didn't work untill I added - run: pip install --upgrade awscli
before it. Before that I had a version 0.1.18 of the orb and it was changed to 0.1.19 and nothing changed.
This is to suggest some improved error handling for the Assume Role with Web Identity Command:
https://circleci.com/developer/orbs/orb/circleci/aws-cli#commands-assume-role-with-web-identity
Specifically, that it should fail if it cannot successfully assume the role.
When using this command at first, it worked. We intentionally changed our target role to assume to change the string matching to thus invalidate the call. However, the step from the orb reports green in the UI, even though inside the step it is clear the assume role was not successful:
However, if you open the "Generate short-lived AWS keys" step, it is the one which actually failed:
It would make more sense (we believe) to have this exact step fail for those troubleshooting to identify the actually source of the error, as opposed to our subsequent custom steps performing actual AWS work reporting that we haven't yet logged into AWS successfully.
3.1
We are using the circleci/[email protected]
orb, which is using the circleci/[email protected]
orb.
We are using the build-and-push-image
command of the aws-ecr
orb, and based on our configuration of this command, this uses the role-arn-setup
command of the aws-cli
orb.
When attempting to pass a Project environment variable to the role-arn
parameter of the build-and-push-image
command of the aws-ecr
orb, which is also passed as the role-arn
parameter of the role-arn-setup
command of the aws-cli
orb, this environment variable is not interpolated. Instead, it is processed plain, which results in the following error message during execution of the ecr-login.sh
script of the aws-ecr
orb (since this is executed subsequent to the role-arn-setup.sh
script of the aws-cli
orb, which did not provide an interpolated role-arn
in the AWS profile):
Parameter validation failed: Invalid length for parameter RoleArn, value: 19, valid min length: 20
We've used SSH debugging in CircleCI to determine that the role arn of the role profile is indeed not interpolated, instead it looks something like this:
[profile example-role]
role_arn = ${ABC_AWS_ROLE_ARN}
source_profile = example-user
Or this (When we try different interpolation methods):
[profile example-role]
role_arn = $ABC_AWS_ROLE_ARN
source_profile = example-user
I've done my best to track, in order, how the role-arn
is passed and used between these orbs in our exact scenario/configuration:
version: 2.1
orbs:
aws-ecr: circleci/[email protected]
executors:
builder:
docker:
- image: cimg/base:stable
resource_class: large
workflows:
build_and_push_php_image:
jobs:
- aws-ecr/build-and-push-image:
aws-access-key-id: ABC_AWS_ACCESS_KEY_ID
aws-cli-version: latest
aws-secret-access-key: ABC_AWS_SECRET_ACCESS_KEY
create-repo: false
dockerfile: .docker/abc/Dockerfile
executor: builder
extra-build-args: --target dist --compress
new-profile-name: example-role
path: src/
platform: linux/amd64
profile-name: example-user
public-registry: false
push-image: true
region: $AWS_REGION
registry-id: AWS_ECR_REGISTRY_ID
remote-docker-layer-caching: true
remote-docker-version: 20.10.12
repo: $AWS_ECR_PHP_REPO_NAME
role-arn: ${ABC_AWS_ROLE_ARN}
role-session-name: $CIRCLE_JOB
session-duration: '1200'
setup-remote-docker: true
skip-when-tags-exist: false
source-profile: example-user
tag: $CIRCLE_WORKFLOW_ID
Confirm by changing [ ] to [x] below to ensure that it's a bug:
Describe the bug
Execution of aws-cli/install command of aws version"1" fails when using docker executor image cimg/base:edge
SDK version number
circleci/[email protected]
Platform/OS/Hardware/Device
docker executor image cimg/base:edge
To Reproduce (observed behavior)
Steps to reproduce the behavior
Set up a job to use the above docker image that runs the aws-cli/install step, see below
jobs:
build:
docker:
- image: cimg/base:edge
steps:
- aws-cli/install:
version: "1"
Expected behavior
The aws-cli tool is installed successfully
Logs/output
#!/bin/bash -eo pipefail
AWS_CLI_VERSION_SELECTED=1
case $AWS_CLI_VERSION_SELECTED in
"1")
if [ "false" == "false" ] && which aws > /dev/null; then
echo "The AWS CLI is already installed. Skipping."
exit 0
fi
export PIP=$(which pip pip3 | head -1)
if [[ -n $PIP ]]; then
if which sudo > /dev/null; then
sudo $PIP install awscli --upgrade
else
# This installs the AWS CLI to ~/.local/bin. Make sure that ~/.local/bin is in your $PATH.
$PIP install awscli --upgrade --user
fi
elif [[ $(which unzip curl | wc -l) -eq 2 ]]; then
cd
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
if which sudo > /dev/null; then
sudo ~/awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
else
# This installs the AWS CLI to the default location (~/.local/lib/aws) and create a symbolic link (symlink) at ~/bin/aws. Make sure that ~/bin is in your $PATH.
awscli-bundle/install -b ~/bin/aws
fi
rm -rf awscli-bundle*
cd -
else
echo "Unable to install AWS CLI. Please install pip."
exit 1
fi
;;
"2")
if [ "false" == "false" ] && which aws > /dev/null; then
echo "The AWS CLI is already installed. Skipping."
exit 0
fi
if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi
cd /tmp || exit
# PLATFORM CHECK: mac vs. alpine vs. other linux
if uname -a | grep Darwin; then
SYS_ENV_PLATFORM=darwin
elif uname -a | grep Linux; then
SYS_ENV_PLATFORM=linux
else
echo "This platform appears to be unsupported."
uname -a
exit 1
fi
case $SYS_ENV_PLATFORM in
linux)
curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
$SUDO ./aws/install
rm awscliv2.zip
;;
darwin)
curl -sSL "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
$SUDO installer -pkg AWSCLIV2.pkg -target /
rm AWSCLIV2.pkg
;;
*)
echo "This orb does not currently support your platform. If you believe it should, please consider opening an issue on the GitHub repository:"
echo "https://github.com/CircleCI-Public/aws-cli-orb/issues/new"
exit 1
esac
# Installation check
if aws --version &> grep -q "aws-cli/2"; then
echo "AWS CLI V2 has been installed successfully"
exit 0
else
echo "There was an issue installing the AWS CLI V2. Exiting."
exit 1
fi
;;
*)
echo "An incorrect version selection has been made."
exit 1
;;
esac
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 15.7M 100 15.7M 0 0 84.9M 0 --:--:-- --:--:-- --:--:-- 84.5M
Archive: awscli-bundle.zip
inflating: awscli-bundle/install
inflating: awscli-bundle/packages/virtualenv-16.7.8.tar.gz
inflating: awscli-bundle/packages/urllib3-1.25.7.tar.gz
inflating: awscli-bundle/packages/python-dateutil-2.8.0.tar.gz
inflating: awscli-bundle/packages/PyYAML-5.2.tar.gz
inflating: awscli-bundle/packages/botocore-1.16.16.tar.gz
inflating: awscli-bundle/packages/s3transfer-0.3.3.tar.gz
inflating: awscli-bundle/packages/futures-3.3.0.tar.gz
inflating: awscli-bundle/packages/docutils-0.15.2.tar.gz
inflating: awscli-bundle/packages/colorama-0.4.3.tar.gz
inflating: awscli-bundle/packages/awscli-1.18.66.tar.gz
inflating: awscli-bundle/packages/rsa-3.4.2.tar.gz
inflating: awscli-bundle/packages/six-1.15.0.tar.gz
inflating: awscli-bundle/packages/urllib3-1.25.9.tar.gz
inflating: awscli-bundle/packages/PyYAML-5.3.1.tar.gz
inflating: awscli-bundle/packages/pyasn1-0.4.8.tar.gz
inflating: awscli-bundle/packages/jmespath-0.10.0.tar.gz
inflating: awscli-bundle/packages/colorama-0.4.1.tar.gz
inflating: awscli-bundle/packages/setup/setuptools_scm-3.3.3.tar.gz
inflating: awscli-bundle/packages/setup/wheel-0.33.6.tar.gz
/usr/bin/env: ‘python’: No such file or directory
Exited with code exit status 127
CircleCI received exit code 127
Additional context
Add any other context about the problem here.
S3 commands don't require an AWS region and default to US East so it isn't necessary to set a region however the orb fails with the following error message -
#!/bin/bash -eo pipefail
aws configure set region $AWS_REGION \
--profile default
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
aws: error: too few arguments
Exited with code 2
https://aws.amazon.com/blogs/developer/aws-cli-v2-is-now-generally-available/
Now AWS CLI v2 is generally available. It's nice if aws-cli-orb supports AWS CLI v2.
Add external_id for aws-cli/setup.
jobs:
aws-cli-example:
executor: aws-cli/default
steps:
- checkout
- aws-cli/setup:
profile-name: example
role-arn: $ROLE_ARN
external_id: $EXTERNAL_ID
- run: aws sts get-caller-identity "This should return the assumed role as defined by role-arn which requires the external_id"
workflows:
aws-cli:
jobs:
- aws-cli-example:
context: aws
Is there a way to cache the installation step?
What's the point of using the orb instead of a docker image that has the command built in, if you have to spend 15 seconds installing the tool in every build?
Cheers.
I zip my project up to deploy as a lambda function via the serverless framework.
After bumping the version of this orb the deploy would fail with AWS saying the payload was too large.
I ran the build with SSH enabled and noticed an 'aws' directory would appear in my project folder after running aws-cli/setup.
If I exclude this directory from the serverless packaging, the build succeeds again.
Is this an install artefact left behind? Should the install not clean up after itself without leaving artefacts in my project directory?
I just need to update the examples following the other orbs like aws-s3-orb
We are having trouble when installing AWS CLI v2
There is a shell input to replace aws/README.md
, I'm not sure about what it is but started to happen 4 days ago
Full log:
AWS_VER_REGEXP_2='aws-cli\/2.\d*.\d*'
AWS_VER_REGEXP_1='aws-cli\/1.\d*.\d*'
# initialize installed version to zero, to signify not installed (Or we want to ignore the installed version and re-install).
AWS_CLI_INSTALLED_VERSION="0"
AWS_CLI_VERSION_SELECTED="2"
if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi
if "false" == "false"; then
if ! command -v aws --version >/dev/null 2>&1 ; then
echo AWS is not installed
else
echo AWS is currently installed.
if aws --version 2>&1 | grep -q $AWS_VER_REGEXP_2; then
echo AWS CLI v2 is installed
AWS_CLI_INSTALLED_VERSION="2"
fi
if aws --version 2>&1 | grep -q $AWS_VER_REGEXP_1; then
echo AWS CLI v1 is installed
AWS_CLI_INSTALLED_VERSION="1"
fi
fi
else
echo "Skipping version check. Installing CLI"
fi
AWS_V2_UPDATE_PARAM=""
if aws --version 2>&1 | grep -q $AWS_VER_REGEXP_2; then
AWS_V2_UPDATE_PARAM="--update"
fi
#If the desired version of the CLI is not installed, install it.
if [[ $AWS_CLI_VERSION_SELECTED != $AWS_CLI_INSTALLED_VERSION ]]; then
#uninstall AWS CLI if it is installed.
if which aws; then
echo Uninstalling old CLI
$SUDO rm -rf $(which aws)
fi
case $AWS_CLI_VERSION_SELECTED in
"1")
if ! command -v python >/dev/null 2>&1 && ! command -v python3 >/dev/null 2>&1 ; then
echo "Your environment does not seem to have Python installed, a requirement of the AWS CLI."
echo "Please either utilize the AWS CLI v2, or select an envionment with Python installed."
echo "Recommended image: cimg:/python:3.8"
exit 1
fi
# install CLI v1
export PIP=$(which pip pip3 | head -1)
if [[ -n $PIP ]]; then
if which sudo > /dev/null; then
sudo $PIP install awscli --upgrade
else
# This installs the AWS CLI to ~/.local/bin. Make sure that ~/.local/bin is in your $PATH.
$PIP install awscli --upgrade --user
fi
elif [[ $(which unzip curl | wc -l) -eq 2 ]]; then
cd
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
if which sudo > /dev/null; then
sudo ~/awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
else
# This installs the AWS CLI to the default location (~/.local/lib/aws) and create a symbolic link (symlink) at ~/bin/aws. Make sure that ~/bin is in your $PATH.
awscli-bundle/install -b ~/bin/aws
fi
rm -rf awscli-bundle*
cd -
else
echo "Unable to install AWS CLI. Please install pip."
exit 1
fi
# Installation check
if aws --version &> grep -q "aws-cli/1"; then
echo "AWS CLI V1 has been installed successfully"
exit 0
else
echo "There was an issue installing the AWS CLI V1. Exiting."
exit 1
fi
;;
"2")
# install CLI v2
cd /tmp || exit
# PLATFORM CHECK: mac vs. alpine vs. other linux
if uname -a | grep Darwin; then
SYS_ENV_PLATFORM=darwin
elif uname -a | grep Linux; then
SYS_ENV_PLATFORM=linux
else
echo "This platform appears to be unsupported."
uname -a
exit 1
fi
case $SYS_ENV_PLATFORM in
linux)
curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
$SUDO ./aws/install $AWS_V2_UPDATE_PARAM
rm awscliv2.zip
;;
darwin)
curl -sSL "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
$SUDO installer -pkg AWSCLIV2.pkg -target /
rm AWSCLIV2.pkg
;;
*)
echo "This orb does not currently support your platform. If you believe it should, please consider opening an issue on the GitHub repository:"
echo "https://github.com/CircleCI-Public/aws-cli-orb/issues/new"
exit 1
;;
esac
# Installation check
if aws --version &> grep -q "aws-cli/2"; then
echo "AWS CLI V2 has been installed successfully"
exit 0
else
echo "There was an issue installing the AWS CLI V2. Exiting."
exit 1
fi
;;
esac
else
echo "The v${AWS_CLI_VERSION_SELECTED} AWS CLI is already installed."
exit 0
fi
Skipping version check. Installing CLI
/usr/local/bin/aws
Uninstalling old CLI
Linux 06b4708cfdb0 4.15.0-1067-aws #71-Ubuntu SMP Thu Apr 30 13:51:43 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Archive: awscliv2.zip
replace aws/README.md? [y]es, [n]o, [A]ll, [N]one, [r]ename: NULL
(EOF or read error, treating as "[N]one" ...)
Exited with code exit status 1
CircleCI received exit code 1```
We'll need a way to pass the auth
block to the docker
configuration parameter (docs).
Starting November 1, 2020, DockerHub will begin rate-limiting image pulls from DockerHub. Users need a way to pass their DockerHub credentials to avoid the rate limit. Without providing this configuration option, deployments from CircleCI will be impacted.
Hi there!
I have a stupid question about the executor configuration. Regarding this line:
https://github.com/CircleCI-Public/aws-cli-orb/blob/master/src/%40orb.yml#L14
... so will anyone be so kind to provide me just a few lines of CirlceCI yaml configuration how to (and where exactly) configure the python-version
for the aws-cli executor?
I was trying different things but I ended up with yaml syntax error or some other strange stuff.
Thanks in advance!
Migrate to Orb Tools v11.1
https://github.com/CircleCI-Public/orb-tools-orb/blob/master/MIGRATION.md
Use case is a job that pushes to multiple registries, but selection is based on branch.
Using multiple jobs and branch filtering is not applicable since it requires docker image to be passed which is slow and expensive.
Since config just calls orb, bash logic cant be used. This should essentally add that bash logic to the install commands.
This should switch from my 2nd party badge service to the official one.
Install command fails:
#!/bin/bash -eo pipefail
export PIP=$(which pip pip3 | head -1)
if [[ -n $PIP ]]; then
if which sudo > /dev/null; then
sudo $PIP install awscli --upgrade
else
# This installs the AWS CLI to ~/.local/bin. Make sure that ~/.local/bin is in your $PATH.
$PIP install awscli --upgrade --user
fi
elif [[ $(which unzip curl | wc -l) -eq 2 ]]; then
cd
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
if which sudo > /dev/null; then
sudo ~/awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
else
# This installs the AWS CLI to the default location (~/.local/lib/aws) and create a symbolic link (symlink) at ~/bin/aws. Make sure that ~/bin is in your $PATH.
awscli-bundle/install -b ~/bin/aws
fi
rm -rf awscli-bundle*
cd -
else
echo "Unable to install AWS CLI. Please install pip."
exit 1
fi
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 11.0M 100 11.0M 0 0 61.3M 0 --:--:-- --:--:-- --:--:-- 61.5M
Archive: awscli-bundle.zip
inflating: awscli-bundle/install
inflating: awscli-bundle/packages/s3transfer-0.2.0.tar.gz
inflating: awscli-bundle/packages/colorama-0.3.9.tar.gz
inflating: awscli-bundle/packages/argparse-1.2.1.tar.gz
inflating: awscli-bundle/packages/pyasn1-0.4.5.tar.gz
inflating: awscli-bundle/packages/urllib3-1.22.tar.gz
inflating: awscli-bundle/packages/botocore-1.12.133.tar.gz
inflating: awscli-bundle/packages/awscli-1.16.143.tar.gz
inflating: awscli-bundle/packages/docutils-0.14.tar.gz
inflating: awscli-bundle/packages/six-1.12.0.tar.gz
inflating: awscli-bundle/packages/urllib3-1.24.2.tar.gz
inflating: awscli-bundle/packages/PyYAML-3.13.tar.gz
inflating: awscli-bundle/packages/rsa-3.4.2.tar.gz
inflating: awscli-bundle/packages/simplejson-3.3.0.tar.gz
inflating: awscli-bundle/packages/python-dateutil-2.6.1.tar.gz
inflating: awscli-bundle/packages/futures-3.2.0.tar.gz
inflating: awscli-bundle/packages/virtualenv-15.1.0.tar.gz
inflating: awscli-bundle/packages/ordereddict-1.1.tar.gz
inflating: awscli-bundle/packages/jmespath-0.9.4.tar.gz
inflating: awscli-bundle/packages/python-dateutil-2.8.0.tar.gz
inflating: awscli-bundle/packages/setup/setuptools_scm-1.15.7.tar.gz
Running cmd: /usr/bin/python virtualenv.py --no-download --python /usr/bin/python /usr/local/aws
Running cmd: /usr/local/aws/bin/pip install --no-cache-dir --no-index --find-links file:///home/circleci/awscli-bundle/packages/setup setuptools_scm-1.15.7.tar.gz
Running cmd: /usr/local/aws/bin/pip install --no-cache-dir --no-index --find-links file:///home/circleci/awscli-bundle/packages awscli-1.16.143.tar.gz
Traceback (most recent call last):
File "/home/circleci/awscli-bundle/install", line 162, in <module>
main()
File "/home/circleci/awscli-bundle/install", line 151, in main
pip_install_packages(opts.install_dir)
File "/home/circleci/awscli-bundle/install", line 119, in pip_install_packages
pip_script, PACKAGES_DIR, cli_tarball))
File "/home/circleci/awscli-bundle/install", line 49, in run
p.returncode, cmd, stdout + stderr))
__main__.BadRCError: Bad rc (1) for cmd '/usr/local/aws/bin/pip install --no-cache-dir --no-index --find-links file:///home/circleci/awscli-bundle/packages awscli-1.16.143.tar.gz': Processing ./awscli-1.16.143.tar.gz
Collecting botocore==1.12.133 (from awscli==1.16.143)
Collecting colorama<=0.3.9,>=0.2.5 (from awscli==1.16.143)
Collecting docutils>=0.10 (from awscli==1.16.143)
Collecting rsa<=3.5.0,>=3.1.2 (from awscli==1.16.143)
Collecting s3transfer<0.3.0,>=0.2.0 (from awscli==1.16.143)
Collecting PyYAML<=3.13,>=3.10 (from awscli==1.16.143)
Collecting jmespath<1.0.0,>=0.7.1 (from botocore==1.12.133->awscli==1.16.143)
Collecting python-dateutil<3.0.0,>=2.1 (from botocore==1.12.133->awscli==1.16.143)
Collecting urllib3<1.25,>=1.20 (from botocore==1.12.133->awscli==1.16.143)
Collecting pyasn1>=0.1.3 (from rsa<=3.5.0,>=3.1.2->awscli==1.16.143)
Collecting futures<4.0.0,>=2.2.0 (from s3transfer<0.3.0,>=0.2.0->awscli==1.16.143)
Collecting six>=1.5 (from python-dateutil<3.0.0,>=2.1->botocore==1.12.133->awscli==1.16.143)
Installing collected packages: jmespath, docutils, six, python-dateutil, urllib3, botocore, colorama, pyasn1, rsa, futures, s3transfer, PyYAML, awscli
Running setup.py install for jmespath: started
Running setup.py install for jmespath: finished with status 'done'
Running setup.py install for docutils: started
Running setup.py install for docutils: finished with status 'done'
Running setup.py install for six: started
Running setup.py install for six: finished with status 'done'
Running setup.py install for python-dateutil: started
Running setup.py install for python-dateutil: finished with status 'done'
Running setup.py install for urllib3: started
Running setup.py install for urllib3: finished with status 'done'
Running setup.py install for botocore: started
Running setup.py install for botocore: finished with status 'done'
Running setup.py install for colorama: started
Running setup.py install for colorama: finished with status 'done'
Running setup.py install for pyasn1: started
Running setup.py install for pyasn1: finished with status 'done'
Running setup.py install for rsa: started
Running setup.py install for rsa: finished with status 'done'
Running setup.py install for futures: started
Running setup.py install for futures: finished with status 'done'
Running setup.py install for s3transfer: started
Running setup.py install for s3transfer: finished with status 'done'
Running setup.py install for PyYAML: started
Running setup.py install for PyYAML: finished with status 'error'
Complete output from command /usr/local/aws/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-zNCc9_/PyYAML/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-6Va42O-record/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/aws/include/site/python2.7/PyYAML:
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.7
creating build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/composer.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/constructor.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/loader.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/reader.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/parser.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/cyaml.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/tokens.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/representer.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/dumper.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/scanner.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/error.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/nodes.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/serializer.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/events.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/emitter.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/resolver.py -> build/lib.linux-x86_64-2.7/yaml
copying lib/yaml/__init__.py -> build/lib.linux-x86_64-2.7/yaml
running build_ext
creating build/temp.linux-x86_64-2.7
checking if libyaml is compilable
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-2.7.13=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/check_libyaml.c -o build/temp.linux-x86_64-2.7/check_libyaml.o
checking if libyaml is linkable
x86_64-linux-gnu-gcc -pthread build/temp.linux-x86_64-2.7/check_libyaml.o -lyaml -o build/temp.linux-x86_64-2.7/check_libyaml
building '_yaml' extension
creating build/temp.linux-x86_64-2.7/ext
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-2.7.13=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c ext/_yaml.c -o build/temp.linux-x86_64-2.7/ext/_yaml.o
ext/_yaml.c:4:20: fatal error: Python.h: No such file or directory
#include "Python.h"
^
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Command "/usr/local/aws/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-zNCc9_/PyYAML/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-6Va42O-record/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/aws/include/site/python2.7/PyYAML" failed with error code 1 in /tmp/pip-build-zNCc9_/PyYAML/
Exited with code 1
config:
version: 2.1
orbs:
aws-cli: circleci/[email protected]
jobs:
myjob:
docker:
- image: circleci/node:10
working_directory: ~/repo
steps:
- checkout
- aws-cli/install
The AWS client supports the environment variable $AWS_DEFAULT_REGION
. I think they got rid of $AWS_REGION
awhile ago? I'm wondering how many CircleCI customers have $AWS_DEFAULT_REGION
vs $AWS_REGION
?
See https://docs.aws.amazon.com/cli/latest/userguide/cli-environment.html
I assume it's just my poor yaml skills but I can't get this to work.
This does work:
version: 2.1
orbs:
aws-cli: circleci/[email protected]
build-docker:
machine: true
steps:
- aws-cli/install
- aws-cli/configure
but as soon as I add parameters, I get schema failures
build-docker:
machine: true
steps:
- aws-cli/install
- aws-cli/configure:
aws-access-key-id: AWS_ECR_USER_KEY
aws-secret-access-key: AWS_ECR_USER_SECRET
aws-region: AWS_DEFAULT_REGION
$ circleci config process .circleci/config.yml
Error: ERROR IN CONFIG FILE:
[#/jobs/build-docker] 0 subschemas matched instead of one
1. [#/jobs/build-docker] only 1 subschema matches out of 2
| 1. [#/jobs/build-docker/steps/4] 0 subschemas matched instead of one
| | 1. [#/jobs/build-docker/steps/4] expected type: String, found: Mapping
| | | Shorthand commands, like `checkout`
| | | SCHEMA:
| | | type: string
| | | INPUT:
| | | configure: null
| | | aws-access-key-id: AWS_ECR_USER_KEY
| | | aws-secret-access-key: AWS_ECR_USER_SECRET
| | | aws-region: AWS_DEFAULT_REGION
| | 2. [#/jobs/build-docker/steps/4] maximum size: [1], found: [3]
| | | long form commands like `run:`
| | | SCHEMA:
| | | maxProperties: 1
| | | INPUT:
| | | configure: null
| | | aws-access-key-id: AWS_ECR_USER_KEY
| | | aws-secret-access-key: AWS_ECR_USER_SECRET
| | | aws-region: AWS_DEFAULT_REGION
2. [#/jobs/build-docker] expected type: String, found: Mapping
| Job may be a string reference to another job
1.0.0
I was using this orb's "default" executor and when I switched to use v1.0.0 from v0.1.22 of this orb my job just kept running without completing after receiving an exit code 0.
This message was also in the output:
WARNING: terminal is not fully functional
The job should have exited after receiving an exit code 0.
Waiting to add p[ipeline parameters to orb starter kit. Then implement Orb Starter Kit
I've included the orb and I'm attempting to install but I'm receiving the error below. Everything worked fine until the last 3 builds i attempted:
AWS is not installed
Linux ffef583ffef5 4.15.0-1077-aws #81-Ubuntu SMP Wed Jun 24 16:48:15 UTC 2020 x86_64 GNU/Linux
curl: (51) SSL: no alternative certificate subject name matches target host name 'awscli.amazonaws.com'
Exited with code exit status 51
config.yml
version: 2.1
orbs:
aws-cli: circleci/[email protected]
...
jobs:
package-artifact:
docker:
- image: circleci/node:12.18
working_directory: *workspace
steps:
- aws-cli/install
Looking at the file inflated for installing awscli, doesn't it make sense to have a stripped down version, without docutils
, examples
and other stuff that is not required to execute awscli?
Related: CircleCI-Public/aws-s3-orb#6
Within CircleCI, we can run steps even after the previous command failed using when
: https://circleci.com/docs/2.0/configuration-reference/#run
This would be helpful for AWS-related actions that would need to be run every time, regardless of failure, to tear down test infrastructure or upload test results.
circleci/[email protected]
See also this issue
Orb step Configure AWS Access Key ID
fails, even though step Install AWS CLI
succeeds.
end of output of Install AWS CLI
:
Running cmd: /usr/bin/python virtualenv.py --no-download --python /usr/bin/python /root/.local/lib/aws
Running cmd: /root/.local/lib/aws/bin/pip install --no-cache-dir --no-index --find-links file:///root/awscli-bundle/packages/setup setuptools_scm-1.15.7.tar.gz
Running cmd: /root/.local/lib/aws/bin/pip install --no-cache-dir --no-index --find-links file:///root/awscli-bundle/packages awscli-1.16.204.tar.gz
You can now run: /root/bin/aws --version
/root/project
output of Configure AWS Access Key ID
#!/bin/bash -eo pipefail
aws configure set aws_access_key_id \
$AWS_ACCESS_KEY_ID \
--profile default
/bin/bash: aws: command not found
Exited with code 127
Config:
version: 2.1
orbs:
aws-s3: circleci/[email protected]
jobs:
build:
docker:
- image: node:latest
[...]
steps:
[...]
- run:
name: Build
command: npm run build
- aws-s3/sync:
from: dist
to: 's3://[REDACTED]'
arguments: '--delete'
It should find the aws
command if the step just before says it's installed correctly.
For certain workflows, the option to add a role to the AWS config is required. Currently this is an extra step in the job to write the ARN of the role to assume.
Having the option to specify a role to be added to either the default or named profile would allow better use of the IAM User to Role assumption that most people use.
We're running a CI Job in the docker.bintray.io/jfrog/jfrog-cli-go:latest
image, and the orb doesn't install:
Installing AWS CLI v2
+ uname -a
+ grep Darwin
+ uname -a
+ grep 'x86_64 GNU/Linux'
+ uname -a
+ grep 'aarch64 GNU/Linux'
+ echo 'This platform appears to be unsupported.'
This platform appears to be unsupported.
+ uname -a
Linux 883adc3d22f7 4.15.0-1092-aws #98-Ubuntu SMP Wed Jan 6 22:22:51 UTC 2021 x86_64 Linux
+ exit 1
Exited with code exit status 1
It would be great if it could grep for x86_64 Linux
in addition to x86_64 GNU/Linux
.
Also, it seems like the orb doesn't work when run in sh
. Maybe the orb can specify the shell to be bash
?
Please add support when using the "windows/default" executor. I'm currently use the bash shell as the powershell has some issue too.
A minimal config:
version: 2.1
orbs:
aws-cli: circleci/[email protected]
aws-ecr: circleci/[email protected]
helm: circleci/[email protected]
workflows:
version: 2
build_test_deploy:
jobs:
- aws_cli_setup
- build_test_deploy:
requires:
- aws_cli_setup
jobs:
build_test_deploy:
machine:
docker_layer_caching: true
working_directory: ~/repo
steps:
- checkout
- run: aws --version
- run: aws eks update-kubeconfig --name erp-app-cluster
- helm/install-helm-client
- run: helm list
aws_cli_setup:
working_directory: ~/repo
executor: aws-cli/default
steps:
- aws-cli/install
- aws-cli/configure:
profile-name: circle-ci
aws-access-key-id: AWS_ACCESS_KEY_ID
aws-secret-access-key: AWS_SECRET_ACCESS_KEY
aws-region: AWS_REGION
- aws-ecr/ecr-login:
region: AWS_REGION
the aws_cli_setup
job completes but when I run aws eks
I get:
Invalid choice: 'eks', maybe you meant:
I don't understand why aws eks
is not available with that version of the aws cli...
in the other job, build_test_deploy
, - run: aws --version
reports a different version, I don't get it :(
When installing the aws-cli the install python and pip step fails with the following output:
#!/bin/bash -eo pipefail
sudo apt-get -y -qq install python3.5-dev
sudo curl -O https://bootstrap.pypa.io/get-pip.py
sudo python3.5 get-pip.py
Selecting previously unselected package python3.5-dev.
Preparing to unpack .../python3.5-dev_3.5.3-1+deb9u3_amd64.deb ...
Unpacking python3.5-dev (3.5.3-1+deb9u3) ...
Setting up libpython3.5:amd64 (3.5.3-1+deb9u3) ...
Setting up libpython3.5-dev:amd64 (3.5.3-1+deb9u3) ...
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Setting up python3.5-dev (3.5.3-1+deb9u3) ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1883k 100 1883k 0 0 10.9M 0 --:--:-- --:--:-- --:--:-- 11.0M
Traceback (most recent call last):
File "get-pip.py", line 24226, in
main()
File "get-pip.py", line 199, in main
bootstrap(tmpdir=tmpdir)
File "get-pip.py", line 82, in bootstrap
from pip._internal.cli.main import main as pip_entry_point
File "", line 969, in _find_and_load
File "", line 954, in _find_and_load_unlocked
File "", line 896, in _find_spec
File "", line 1147, in find_spec
File "", line 1123, in _get_spec
File "", line 1104, in _legacy_get_spec
File "", line 444, in spec_from_loader
File "", line 541, in spec_from_file_location
File "/tmp/tmp2wy4bcc7/pip.zip/pip/_internal/cli/main.py", line 60
sys.stderr.write(f"ERROR: {exc}")
^
SyntaxError: invalid syntax
Exited with code exit status 1
CircleCI received exit code 1
I think the problem is that 3.5 is no longer supported by PIP.
AWS CLI uses less
for output for some commands. Sometimes it is not not available. I think we should check for less and it it is not available it should install it.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.