CI/CD assume role
| #!/bin/sh | |
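#######################################
# Abort the script when a required variable is unset or empty.
# Only the variable NAME is printed, never its value, so secrets such as
# AWS_SECRET_ACCESS_KEY do not end up in CI logs.
# Arguments: $1 - name of the variable to check (a plain shell identifier)
# Outputs:   status lines on stdout; invalid-name error on stderr
# Returns:   exits the shell with status 1 when the name is not a valid
#            identifier or the variable is unset/empty
#######################################
check_empty () {
  # The name is passed to eval below, so accept nothing but a plain
  # identifier; anything else would be parsed as shell code.
  case "${1:-}" in
    '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
      echo "check_empty: invalid variable name: ${1:-}" >&2
      exit 1
      ;;
  esac

  # Write status
  echo "checking variable ${1} ..."

  # POSIX sh has no ${!name}; eval is safe here because $1 was validated.
  # Testing the expansion directly (instead of capturing `echo $value`)
  # avoids word splitting and globbing of the value and the false
  # "empty" result for values such as "-n".
  if eval "[ -z \"\${$1:-}\" ]"; then
    echo "${1} is empty!"
    exit 1
  fi
}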
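# Validate the required inputs before anything is written to disk.
check_empty ASSUME_ROLE_ARN
check_empty AWS_ACCESS_KEY_ID
check_empty AWS_SECRET_ACCESS_KEY

# Directory for the generated aws config & credentials. It is created in
# the current working directory (not a system temp dir) and this script
# never removes it, so keep .aws/ out of build artifacts, caches and image
# build contexts, and delete it when the job is finished.
mkdir -p "$(pwd)/.aws"
# The directory will hold a static secret key: owner-only access.
chmod 700 "$(pwd)/.aws"

# configure aws cli behaviour
export AWS_CONFIG_FILE="$(pwd)/.aws/config"
export AWS_SHARED_CREDENTIALS_FILE="$(pwd)/.aws/credentials"
export AWS_DEFAULT_PROFILE="sub-account"

# Profile "sub-account" assumes ASSUME_ROLE_ARN using the static keys of
# profile "main" as its source credentials.
cat <<EOT > "${AWS_CONFIG_FILE}"
[profile main]
region = eu-central-1
output = json
[profile sub-account]
role_arn = ${ASSUME_ROLE_ARN}
source_profile = main
EOT

# Write the secret with mode 0600. A leftover file from an earlier run is
# removed first so the new one is created under the restrictive umask
# rather than inheriting older, looser permissions. The subshell keeps the
# umask change from leaking into the rest of the job.
rm -f -- "${AWS_SHARED_CREDENTIALS_FILE}"
(
  umask 077
  cat <<EOT > "${AWS_SHARED_CREDENTIALS_FILE}"
[main]
aws_access_key_id = ${AWS_ACCESS_KEY_ID}
aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}
EOT
)

# unset AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY,
# otherwise AWS_DEFAULT_PROFILE won't work
# NOTE(review): the exports and unsets only affect the current shell, so
# this file is presumably meant to be sourced by the CI job - confirm.
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY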