OY-4608 Tee assume role vasta skeeman päivityksen jälkeen [skip ci]

scripts/lampi-export/lampi-export.sh

@@ -35,12 +35,6 @@ dump_and_upload_db_to_lampi() {
 
     log "INFO" "Starting ${db_name} database data dump"
 
-    local -r credentials_json=$(aws sts assume-role --role-arn "$assume_role_arn" --external-id "$ssm_external_id" --role-session-name "ehoks-lampi-export-$ENV_NAME")
-    local -r assume_role_access_key_id=$(jq -r '.Credentials.AccessKeyId' <<<"${credentials_json}")
-    local -r assume_role_secret_access_key=$(jq -r '.Credentials.SecretAccessKey' <<<"${credentials_json}")
-    local -r assume_role_session_token=$(jq -r '.Credentials.SessionToken' <<<"${credentials_json}")
-    log "INFO" "Assumed temporary access key ${assume_role_access_key_id}"
-
     local -r db_password="$ssm_app_user_password"
 
     # aws s3 extension and granting privileges need to be created with master user:
@@ -53,6 +47,12 @@ dump_and_upload_db_to_lampi() {
     log "INFO" "Refreshing $reporting_schema_name schema"
     pg_command "$db_password" "SELECT refresh_reporting('${reporting_schema_name}')" > /dev/null
 
+    local -r credentials_json=$(aws sts assume-role --role-arn "$assume_role_arn" --external-id "$ssm_external_id" --role-session-name "ehoks-lampi-export-$ENV_NAME")
+    local -r assume_role_access_key_id=$(jq -r '.Credentials.AccessKeyId' <<<"${credentials_json}")
+    local -r assume_role_secret_access_key=$(jq -r '.Credentials.SecretAccessKey' <<<"${credentials_json}")
+    local -r assume_role_session_token=$(jq -r '.Credentials.SessionToken' <<<"${credentials_json}")
+    log "INFO" "Assumed temporary access key ${assume_role_access_key_id}"
+
     for db_table in $(pg_command "$db_password" "SELECT table_name FROM information_schema.tables WHERE table_schema = '$reporting_schema_name'" 1); do
       local s3_key="fulldump/$system_name/$version/${db_table}.csv"
       local s3_url="s3://$local_s3_bucket/$s3_key"