@Ompragash
Last active November 19, 2024 15:16
Revisions

  1. Ompragash revised this gist Nov 19, 2024. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion drone-aws-oidc.md
    @@ -11,7 +11,7 @@
    - step:
    type: Plugin
    name: AWS OIDC Plugin
    identifier: AWSOIDC
    identifier: awsOidc
    spec:
    connectorRef: account.harnessImage
    image: plugins/aws-oidc:latest
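    Review bot: Renaming the step identifier from `AWSOIDC` to `awsOidc` is the right fix, because the Run step in this file resolves the credentials through `<+execution.steps.awsOidc.output.outputVariables.AWS_ACCESS_KEY_ID>` and the bullet above the YAML uses the same `awsOidc` spelling; with the previous identifier that expression would not have resolved to the plugin's outputs. Worth checking that nothing else still references the old `AWSOIDC` name.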
  2. Ompragash created this gist Nov 19, 2024.
    33 changes: 33 additions & 0 deletions drone-aws-oidc.md
    @@ -0,0 +1,33 @@
    # Drone AWS OIDC Plugin

    - When the `plugins/aws-oidc` plugin is used in a Harness CI pipeline stage, CI Manager automatically retrieves the OIDC token during pipeline execution. This token is passed to the `PLUGIN_OIDC_TOKEN_ID` environment variable.
    - The plugin uses this token (`PLUGIN_OIDC_TOKEN_ID`) to generate temporary AWS credentials, which can be utilized in subsequent steps to perform AWS operations.
    - These temporary credentials are exported as masked secrets. They can be referenced in later steps using `<+execution.steps.awsOidc.output.outputVariables.AWS_ACCESS_KEY_ID>` but cannot be viewed directly.
    - See the sample pipeline YAML below for a complete example.

    ### Sample Harness CI Pipeline YAML
    ```yaml
    steps:
    - step:
    type: Plugin
    name: AWS OIDC Plugin
    identifier: AWSOIDC
    spec:
    connectorRef: account.harnessImage
    image: plugins/aws-oidc:latest
    settings:
    iamRoleArn: arn:aws:iam::0897867564534:role/op-ansibler
    role_session_name: awsoidc
    duration: "3600"
    - step:
    type: Run
    name: "Verify AWS Temp Creds"
    identifier: Run_1
    spec:
    shell: Sh
    command: |
    echo "Printing just the AWS Access Key ID that we retrieved from the last step"
    echo <+execution.steps.awsOidc.output.outputVariables.AWS_ACCESS_KEY_ID>
    #echo <+execution.steps.awsOidc.output.outputVariables.AWS_SECRET_ACCESS_KEY>
    #echo <+execution.steps.awsOidc.output.outputVariables.AWS_SESSION_TOKEN>
    ```
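    Review bot: The step identifier `AWSOIDC` in the sample YAML does not match the `awsOidc` used in the Run step's expression `<+execution.steps.awsOidc.output.outputVariables.AWS_ACCESS_KEY_ID>` and in the bullet above, so the Run step would not resolve the plugin's output variables; use one spelling in both places. Three smaller points: the settings keys mix camelCase (`iamRoleArn`) and snake_case (`role_session_name`), which invites typos; the account ID `0897867564534` in `iamRoleArn` is 13 digits where AWS account IDs are 12, so it reads as a placeholder and should be labelled as one; and echoing the access key ID into step logs, even as a masked output, is not something a reference sample should encourage. Keeping the `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` echoes commented out is the right call, and giving the access key ID the same treatment would be safer.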