trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.
https://awsu.me
MIT License

error in shell scripts #163

Closed rpf3 closed 2 years ago

rpf3 commented 2 years ago

I'm trying to use awsume in the context of a CI/CD system and have built the tool into my base container image. When I run the image I am able to run awsume commands without issue; however, when I then hook this into the build system I start getting an error message about the "return" statement. For example:

$ awsume --version
Warning: the awsume shell script is not being sourced, please use awsume-configure to install the alias
4.5.3
/root/.local/bin/awsume: line 183: return: can only `return' from a function or sourced script

I've come across a few issues on here already similar to #155 which are closed but the solution of "run awsume-configure" isn't helping in my case; or at least it doesn't appear to be. I have run that command in the Dockerfile and can verify that the alias is in my ~/.profile when within a running container.

I also use awsume locally for my own day-to-day AWS interactions and was able to verify a similar behavior in my own local terminal. If I create a simple script that only runs awsume --version and then execute that I get the same error.

Am I missing something completely obvious? What other information would help debugging this?

mbarneyjr commented 2 years ago

The issue is likely because awsume isn't being sourced in your CI/CD environment. awsume-configure helps this by adding an alias to your shell's login file, but in a CI/CD environment I've found that aliases are not loaded.

If I were to use awsume in a CI/CD environment I would explicitly put a source in front of the command, so:

mycicdscript: |
  source awsume --role-arn 000111222333:cicd-deployment-role
  aws sts get-caller-identity

Also, if you're interested in reducing dependencies (not having to install awsume in your CI/CD or docker images), you can use a shell one-liner with the awscli --query flag to set this for you (maybe doesn't read very well but it works):

export $(aws sts assume-role --role-arn ${ROLE_ARN} --role-session-name ${ROLE_SESSION_NAME} --output text --query "[['AWS_ACCESS_KEY_ID',Credentials.AccessKeyId],['AWS_SECRET_ACCESS_KEY',Credentials.SecretAccessKey],['AWS_SESSION_TOKEN',Credentials.SessionToken]][*].join(\`=\`,@)")

I'll close this for now but feel free to reopen if this doesn't help!

rpf3 commented 2 years ago

@mbarneyjr thanks for the fast reply, I used the source awsume as you suggested and things work fine.
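
The difference between executing and sourcing a credential-exporting script, which is what the thread above turns on, shown as an added example that is not part of the original issue or of awsume's code. The stub script, the `DEMO_SESSION_TOKEN` variable and its value are constructed for illustration, and `bash` is assumed to be on the PATH.

```shell
#!/usr/bin/env bash
# Constructed stand-in for a credential-exporting wrapper: it exports a
# variable and finishes with `return`, like the script in the error above.
make_stub() {
  f="$(mktemp)"
  cat > "$f" <<'EOF'
export DEMO_SESSION_TOKEN="constructed-token"
return 0
EOF
  printf '%s\n' "$f"
}

# Execute the stub as a child process, then report what the caller sees.
# The export happens in the child and is gone when the child exits.
token_after_exec() {
  ( unset DEMO_SESSION_TOKEN
    bash "$1" 2>/dev/null || true
    printf '%s\n' "${DEMO_SESSION_TOKEN:-unset}" )
}

# Source the stub into the calling shell, then report what the caller sees.
# Here `return` is legal and the export lands in the caller's environment.
token_after_source() {
  ( unset DEMO_SESSION_TOKEN
    . "$1"
    printf '%s\n' "${DEMO_SESSION_TOKEN:-unset}" )
}

# Capture only stderr from the executed run (the shell's complaint about `return`).
exec_stderr() {
  bash "$1" 2>&1 >/dev/null || true
}

stub="$(make_stub)"
trap 'rm -f "$stub"' EXIT

echo "executed: $(token_after_exec "$stub")"
echo "sourced:  $(token_after_source "$stub")"
echo "stderr:   $(exec_stderr "$stub")"
```

In a CI job this means a later step such as `aws sts get-caller-identity` only sees the assumed-role credentials when the exporting script was sourced in the same shell.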