Variabilise CICD account ID and role name to be used in get sts tocken shell script

Olivier Saluden 2023-07-03 16:19:20 +02:00
parent f57fdb2f93
commit 98df0dd8b3
3 changed files with 6 additions and 1 deletions


@ -36,6 +36,10 @@ CICD_RUNNER_TAGS={{ CICD_RUNNER_TAGS | join(',') }}
{% if CICD_ROLE_NAME %}
CICD_ROLE_NAME={{ CICD_ROLE_NAME }}
{% endif %}
{% if CICD_ACCOUNT_ID %}
CICD_ACCOUNT_ID={{ CICD_ACCOUNT_ID }}
{% endif %}
########################################################################################################################
# Docker Compose image tags to use


@ -66,7 +66,7 @@ stages:
script: |
#!/usr/bin/env bash
echo "Getting temporary credentials associated to assume role"
STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::903534291474:role/XXXXXX-CiCd-CrossAccountRole --role-session-name ${CI_COMMIT_SHA})
STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }} --role-session-name ${CI_COMMIT_SHA})
AWS_ACCESS_KEY_ID=$(echo $STS_CREDS | jq -r '.Credentials.AccessKeyId')
AWS_SECRET_ACCESS_KEY=$(echo $STS_CREDS | jq -r '.Credentials.SecretAccessKey')
AWS_SESSION_TOKEN=$(echo $STS_CREDS | jq -r '.Credentials.SessionToken')
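Review bot: The new `aws sts assume-role` line builds the role ARN from `environ('CICD_ACCOUNT_ID')` and `environ('CICD_ROLE_NAME')` unquoted and without checking that either value is set. The env template in this commit only emits those variables inside `{% if %}` guards, so a missing value would presumably render a malformed ARN such as `arn:aws:iam:::role/`, and the `jq` lines that follow would then fill the credential variables with empty strings instead of stopping the job. I would quote both arguments, `--role-arn "arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }}" --role-session-name "${CI_COMMIT_SHA}"`, and follow the call with `[ -n "$STS_CREDS" ] || exit 1`. The script block starts and ends outside the hunk, so an earlier `set -e` may already cover the failure case.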


@ -58,6 +58,7 @@ GITLAB_JOBS:
delete_all: True
CICD_ROLE_NAME: XXXXXX-CiCd-CrossAccountRole
CICD_ACCOUNT_ID: 123546789123
# Run Terraform apply only on main branch
TF_APPLY_ONLY_MAIN: True
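Review bot: `CICD_ACCOUNT_ID: 123546789123` is an unquoted scalar, so a YAML loader reads it as an integer rather than a string. AWS account IDs are 12-digit identifiers that can begin with zero, and such an ID would lose the leading zero (or be read as octal by a YAML 1.1 parser) before it is rendered into the role ARN, where it would name a different or nonexistent account. Write it as `CICD_ACCOUNT_ID: '123546789123'` and add a comment above it such as `# AWS account ID: keep quoted, 12 digits, may start with 0`. The enclosing mapping begins outside the hunk.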