Closed davidtwamley closed 2 years ago
Very interesting - I can't see any reason why AWS_ACCESS_KEY_ID
would take priority over AWS_ACCESS_KEY_ID_BLUE
. Going to take this one internally.
It would appear that the env vars are being chosen by the AWS CLI - if I'm reading correctly, it will prefer the default environment variable names https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
If I set "override values" in the orb I would expect those to take precedence (even if my organization has some defaults in the environment).
How about adding --profile default
to the aws cli command?
Edit: Or better yet. Instead of using profiles at all we could use the provided variables to use them in the line of the command itself. So: AWS_SECRET_KEY=... aws s3 cp
Hi folks!
Thank you for bringing this to our attention and for the suggestions.
This orb is meant to be an interface with the AWS CLI. Since the behaviour described in this issue exists by design, modifying it would defeat the purpose of the orb.
Orb Version 1.0.15
Default env vars AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY win over specific env vars like AWS_ACCESS_KEY_ID_BLUE and AWS_SECRET_ACCESS_KEY_BLUE when all are present. When using a config like the one found in the example
You can break that example by creating environment vars named AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with junk values.
I expect "defaults" to be fall back values in this scenario.
We worked around it by naming both sets with suffixes and staying away from the default key names.