Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add logic to handle aws token for sso accounts #163

Merged
merged 9 commits into from
Apr 7, 2022
Merged

add logic to handle aws token for sso accounts #163

merged 9 commits into from
Apr 7, 2022

Conversation

mickmcgrath13
Copy link
Contributor

@mickmcgrath13 mickmcgrath13 commented Apr 6, 2022
edited
Loading

Description

AWS SSO credentials require AWS_SESSION_TOKEN to work properly. This PR adds the env var to the /root/.aws/credentials file if the env var exists.

(note: I would expect the env vars alone to work, but I tested that, and they do not)

Fixes #162
Fixes #141

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

  1. Locally mounting to the bitops repo to run against an ops repo by modifying the main deploy script and running aws commands before exit 0 before all the other code can run
  2. Create a tagged bitops image and use in a pipeline runner

Logs
bitops command:

docker run --rm --name bitops \
-e AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
-e AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
-e AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" \
-e AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION}" \
-e ENVIRONMENT="example" \
-e TF_STATE_BUCKET="bitovi-operations-devops-training-example" \
-e DEFAULT_FOLDER_NAME="_default" \
-v $(pwd):/opt/bitops_deployment \
-v /Users/mick/Projects/Bitovi/bitops:/opt/bitops \
bitovi/bitops:v1.0.13

aws command

###########################################
##### DEBUGGING
###########################################
aws s3api list-buckets
exit 0
###########################################
##### END DEBUGGING
###########################################

without change

An error occurred (InvalidAccessKeyId) when calling the ListBuckets operation: The AWS Access Key Id you provided does not exist in our records.

With change

{
    "Buckets": [
        {
            "Name": "bitovi-operations-devops-training",
            "CreationDate": "2022-04-04T18:23:05+00:00"
        },
        {
            "Name": "bitovi-operations-devops-training-example",
            "CreationDate": "2022-04-04T21:03:18+00:00"
        }
    ]
}

Test Configuration:

  • BitOps image tag used:
  • Hardware:
  • Tool:

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation

@mickmcgrath13 mickmcgrath13 mentioned this pull request Apr 6, 2022
Closed
@PhillypHenning
Copy link
Contributor

👍 Great description of work. Thanks for keeping it clean.

👍 Code looks good. I can't see any potential problems arising

dylan-bitovi
dylan-bitovi approved these changes Apr 6, 2022
View reviewed changes
Copy link
Contributor

@dylan-bitovi dylan-bitovi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👀 LGTM!

@mickmcgrath13 mickmcgrath13 merged commit 51b08fe into master Apr 7, 2022
@mickmcgrath13 mickmcgrath13 deleted the handle-aws-sso branch April 7, 2022 14:04
@PhillypHenning PhillypHenning mentioned this pull request Jul 18, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PhillypHenning PhillypHenning PhillypHenning approved these changes

@ConnorGraham ConnorGraham ConnorGraham approved these changes

@dylan-bitovi dylan-bitovi dylan-bitovi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handle AWS SSO credentials Migrate CircleCI pipeline to Github actions
4 participants
@mickmcgrath13 @PhillypHenning @ConnorGraham @dylan-bitovi