Giter Site home page Giter Site logo

Comments (2)

brivu avatar brivu commented on September 22, 2024

Hey @queglay - Thank you for writing in. I'd be happy to help here.

In your example here, with the way you're running the aws-cli/role_arn_setup command, you are required to use -- profile circle-ci in your subsequent command. The aws-cli/role_arn_setup command is designed to let you set up a new profile that inherits the permissions of the soure_profile given that your role_arn enables the permissioning to do so.

Is there a reason that you do not want to use the --profile flag in your command?

50:   configure_role_arn:
51:     executor: aws-cli/default
52:     steps:
53:       - checkout
54:       - aws-cli/setup:
55:           profile_name: default
56:       - aws-cli/role_arn_setup:
57:           profile_name: circle-ci
58:           role_arn: arn:aws:iam::972620357255:role/circle-ci
59:           source_profile: default
60:       - run: >-
61:           aws sts assume-role --role-arn
62:           "arn:aws:iam::972620357255:role/circle-ci" --role-session-name
63:           AWSCLI-Session

Alternatively, if you don't want to use a profile name, you should just provide the aws-cli/setup command with a valid role-arn without a profile name. When you provide a valid role-arn to the setup command, it automatically runs assume_role_with_web_identity in the background and sets up temporary keys to the default profile. You have to make sure that your role_arn is setup to authenticate with OIDC in AWS. You can see how to do it here: https://circleci.com/blog/openid-connect-identity-tokens/

From there, you just need to run follow this usage example:

version: '2.1'
orbs:
  aws-cli: circleci/[email protected]
jobs:
  aws-cli-example:
    executor: aws-cli/default
    steps:
      - checkout
      - aws-cli/setup:
          role_arn: arn:aws:iam::123456789012:role/WEB-IDENTITY-ROLE
          role_session_name: example-session
      - run: echo "Run your code here"
workflows:
  aws-cli:
    jobs:
      - aws-cli-example:
          context: aws

Let me know if any of that helps!

from aws-cli-orb.

brivu avatar brivu commented on September 22, 2024

Hey @queglay,

I am going to close this out for now but feel free to reopen if you need anything else!

Best,
Brian

from aws-cli-orb.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.