Variabilise CICD account ID and role name to be used in get sts tocken shell script
parent
f57fdb2f93
commit
98df0dd8b3
3 changed files with 6 additions and 1 deletions
|
@ -36,6 +36,10 @@ CICD_RUNNER_TAGS={{ CICD_RUNNER_TAGS | join(',') }}
|
|||
{% if CICD_ROLE_NAME %}
|
||||
CICD_ROLE_NAME={{ CICD_ROLE_NAME }}
|
||||
|
||||
{% endif %}
|
||||
{% if CICD_ACCOUNT_ID %}
|
||||
CICD_ACCOUNT_ID={{ CICD_ACCOUNT_ID }}
|
||||
|
||||
{% endif %}
|
||||
########################################################################################################################
|
||||
# Docker Compose image tags to use
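Review bot: The two `{% if %}` guards make `CICD_ROLE_NAME` and `CICD_ACCOUNT_ID` optional in the rendered env file, but the pipeline template changed in this same commit interpolates both into the role ARN unconditionally. If either value is unset, the generated job would presumably call `aws sts assume-role` with a malformed ARN and only fail at run time. Either emit both lines unconditionally so a missing value is visible in the rendered file, or guard the assume-role step in the pipeline template on the same condition. A short comment above the block, such as `# Cross-account role assumed by the CI job to obtain temporary STS credentials`, would also say what the pair is for.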
|
||||
|
|
|
@ -66,7 +66,7 @@ stages:
|
|||
script: |
|
||||
#!/usr/bin/env bash
|
||||
echo "Getting temporary credentials associated to assume role"
|
||||
STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::903534291474:role/XXXXXX-CiCd-CrossAccountRole --role-session-name ${CI_COMMIT_SHA})
|
||||
STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }} --role-session-name ${CI_COMMIT_SHA})
|
||||
AWS_ACCESS_KEY_ID=$(echo $STS_CREDS | jq -r '.Credentials.AccessKeyId')
|
||||
AWS_SECRET_ACCESS_KEY=$(echo $STS_CREDS | jq -r '.Credentials.SecretAccessKey')
|
||||
AWS_SESSION_TOKEN=$(echo $STS_CREDS | jq -r '.Credentials.SessionToken')
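Review bot: The new `aws sts assume-role` line has no failure check, so a wrong account ID or role name leaves `STS_CREDS` empty and the three `jq` extractions below it produce empty or `null` values. Depending on how those variables are exported afterwards (not visible in this hunk), later AWS calls may run with the runner's own ambient credentials instead of the cross-account role. Stop the job on failure and quote the expansions: `STS_CREDS=$(aws sts assume-role --role-arn "arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }}" --role-session-name "${CI_COMMIT_SHA}") || exit 1`. Every job of a pipeline also shares the session name `${CI_COMMIT_SHA}`; appending `-${CI_JOB_ID}` would let CloudTrail entries be attributed to a single job. The script block continues past the end of the hunk.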
|
||||
|
|
|
@ -58,6 +58,7 @@ GITLAB_JOBS:
|
|||
delete_all: True
|
||||
|
||||
CICD_ROLE_NAME: XXXXXX-CiCd-CrossAccountRole
|
||||
CICD_ACCOUNT_ID: 123546789123
|
||||
|
||||
# Run Terraform apply only on main branch
|
||||
TF_APPLY_ONLY_MAIN: True
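Review bot: `CICD_ACCOUNT_ID: 123546789123` is an unquoted scalar, so the YAML loader reads it as an integer rather than a string. AWS account IDs are 12-digit strings that can begin with zero; depending on the loader, such an ID may lose its leading zeros or be parsed as octal, and the role ARN rendered from it would then be invalid or name a different account. Quote the value: `CICD_ACCOUNT_ID: "123546789123"`. A comment such as `# Account and role assumed by the CI job via STS` above the pair would document what they feed.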
|
||||
|
|