Comments (2)
Hey @queglay - Thank you for writing in. I'd be happy to help here.
In your example here, with the way you're running the aws-cli/role_arn_setup
command, you are required to use -- profile circle-ci
in your subsequent command. The aws-cli/role_arn_setup
command is designed to let you set up a new profile that inherits the permissions of the soure_profile
given that your role_arn
enables the permissioning to do so.
Is there a reason that you do not want to use the --profile
flag in your command?
50: configure_role_arn:
51: executor: aws-cli/default
52: steps:
53: - checkout
54: - aws-cli/setup:
55: profile_name: default
56: - aws-cli/role_arn_setup:
57: profile_name: circle-ci
58: role_arn: arn:aws:iam::972620357255:role/circle-ci
59: source_profile: default
60: - run: >-
61: aws sts assume-role --role-arn
62: "arn:aws:iam::972620357255:role/circle-ci" --role-session-name
63: AWSCLI-Session
Alternatively, if you don't want to use a profile name, you should just provide the aws-cli/setup
command with a valid role-arn
without a profile name. When you provide a valid role-arn
to the setup command, it automatically runs assume_role_with_web_identity
in the background and sets up temporary keys to the default
profile. You have to make sure that your role_arn
is setup to authenticate with OIDC in AWS. You can see how to do it here: https://circleci.com/blog/openid-connect-identity-tokens/
From there, you just need to run follow this usage example:
version: '2.1'
orbs:
aws-cli: circleci/[email protected]
jobs:
aws-cli-example:
executor: aws-cli/default
steps:
- checkout
- aws-cli/setup:
role_arn: arn:aws:iam::123456789012:role/WEB-IDENTITY-ROLE
role_session_name: example-session
- run: echo "Run your code here"
workflows:
aws-cli:
jobs:
- aws-cli-example:
context: aws
Let me know if any of that helps!
from aws-cli-orb.
Hey @queglay,
I am going to close this out for now but feel free to reopen if you need anything else!
Best,
Brian
from aws-cli-orb.
Related Issues (20)
- `install` on older windows images fails when `override_installed: true` HOT 6
- 'role_arn' IS a required argument when calling 'aws-cli/setup' HOT 2
- circleci/[email protected] fails on aws-cli/setup - Error relocating /usr/bin/curl (alpine)
- Generate shortlived AWS Keys using CircleCI OIDC token fails
- Grep statement in install.sh (Windows) can cause wrong path to be added HOT 1
- 'disable_aws_pager' argument ignored if AWS CLI is already installed
- Enhance Installation Flow for Existing CLI Versions
- multiple calls to setup don't use newest role
- Broken AWS Credentials after #164 (4.1.2) HOT 8
- Incorrect Version Check in Installation Script (install.sh) when using 'latest'
- Extra hyphen at the end of role_session_name HOT 1
- upgrade glibc from 2.34-r0 to 2.35-r1 to resolve nsswitch cannot be overwrriten issue
- /tmp/default.keys: No such file or directory HOT 3
- OICD AWS Provider - Old AWS orb version not consistent with > 4.0 version causing issues with AWS Credentials configuration HOT 1
- `setup` command fails with OIDC role while `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are set in the environment HOT 5
- Unable to use a dynamic `role_arn` with `assume_role_with_web_identity` command HOT 1
- Permission Denied for $BASH_ENV in v4.1.3
- setup not creating fully up to date credentials file
- aws-cli/install step fails using [email protected] on xcode 15.4.0 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-cli-orb.