Reputation: 651
I have an AWS CodePipeline whose build step uses the AWS CLI, so of course it needs AWS credentials to work.
I don't see how to do this ... the 'source stage' checks out from GitHub and therefore has the source artifact as its output artifact.
I wound up just committing the credentials into the branch I'm building from (currently unencrypted, though I can of course encrypt them if this workaround has to go into production) ... and this works.
Isn't there some way to do this "correctly" without getting the credentials from that branch?
Upvotes: 1
Views: 861
Reputation: 106
In the build action, if you are using a CodeBuild project, you need to attach custom policies to the CodeBuild service role. Then, when you use the AWS CLI, it goes through the credential providers in order and will fetch temporary credentials for that role. This way you don't have to commit sensitive environment configuration in your repo.
Upvotes: 1
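An added example, not part of either post: a pre-build guard that could run as the first command of the build, checking that the AWS CLI will resolve credentials from the CodeBuild service role and that no long-term keys are left in the checkout. The function names are hypothetical, and the provider order is simplified to three sources (environment variables, shared credentials file, container credentials) out of the CLI's full chain.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the original thread.

# Report which source the AWS CLI would pick first. Simplified provider order:
# static environment keys win over the shared credentials file, which wins
# over the container credentials that carry the CodeBuild service role.
credential_source() {
    home_dir="${1:-$HOME}"
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ]; then
        echo "static-env"
    elif [ -f "${AWS_SHARED_CREDENTIALS_FILE:-$home_dir/.aws/credentials}" ]; then
        echo "shared-file"
    elif [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then
        echo "service-role"
    else
        echo "none"
    fi
}

# List files under a checkout that look like they hold long-term AWS keys:
# an access key ID (AKIA + 16 characters) or a secret access key assignment.
# Exit status is non-zero when nothing matches.
find_committed_keys() {
    grep -rlE \
        'AKIA[0-9A-Z]{16}|aws_secret_access_key[[:space:]]*=|AWS_SECRET_ACCESS_KEY[[:space:]]*=' \
        "$1" 2>/dev/null
}

# Return 0 when the build is clean, 1 when something shadows the service
# role, 2 when the source tree still contains key material.
check_build_credentials() {
    src_dir="$1"
    cred_src="$(credential_source "${2:-$HOME}")"
    if [ "$cred_src" != "service-role" ]; then
        echo "FAIL: CLI would use '$cred_src', not the CodeBuild service role" >&2
        return 1
    fi
    if hits="$(find_committed_keys "$src_dir")"; then
        echo "FAIL: possible committed AWS keys in:" >&2
        echo "$hits" >&2
        return 2
    fi
    echo "OK: credentials come from the service role"
}
```

Called as `check_build_credentials "$CODEBUILD_SRC_DIR"`, a non-zero status stops the build before any AWS CLI call is made with the wrong identity.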