circleci/aws-cli@5.1.3

Certified
Install and configure the AWS command-line interface (awscli) version 2. (To use AWS CLI v1, see version 1.4.1 of this orb.) Supports Linux x86_64, macOS, Arm64 V8 and Windows with bash.exe.
Created: August 20, 2018
Version Published: February 4, 2025
Releases: 64
Org Usage: 4449

Orb Quick Start Guide

Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

```yaml
version: 2.1
```

Add the orbs stanza below your version, invoking the orb:

```yaml
orbs:
  aws-cli: circleci/aws-cli@5.1.3
```

Use aws-cli elements in your existing workflows and jobs.

Usage Examples

configure_role_arn

Configure a new profile to assume a role defined by a role_arn. Must first authenticate with OIDC or static AWS Keys stored as environment variables in CircleCI.

```yaml
version: '2.1'
orbs:
  aws-cli: circleci/aws-cli@5.1
jobs:
  configure_role_arn:
    executor: aws-cli/default
    steps:
      - checkout
      - aws-cli/setup:
          profile_name: default
      - aws-cli/role_arn_setup:
          profile_name: new-profile
          role_arn: arn:aws:iam::123456789012:role/example-role
          source_profile: default
      - run: >-
          aws sts assume-role --role-arn
          "arn:aws:iam::123456789012:role/example-role" --role-session-name
          AWSCLI-Session
workflows:
  aws-cli:
    jobs:
      - configure_role_arn
```

install_aws_cli

Easily install and configure the AWS CLI automatically in your jobs or commands.

```yaml
version: '2.1'
orbs:
  aws-cli: circleci/aws-cli@5.1
jobs:
  aws-cli-example:
    executor: aws-cli/default
    steps:
      - checkout
      - aws-cli/setup:
          profile_name: example
      - run: echo "Run your code here"
workflows:
  aws-cli:
    jobs:
      - aws-cli-example:
          context: aws
```

install_aws_cli_with_web_identity

Set up the AWS CLI and configure it with Web Identity. Assume roles on AWS without storing keys on CircleCI and use short-term credentials instead. For more information, see the CircleCI OIDC docs: https://circleci.com/docs/2.0/openid-connect-tokens

```yaml
version: '2.1'
orbs:
  aws-cli: circleci/aws-cli@5.1
jobs:
  aws-cli-example:
    executor: aws-cli/default
    steps:
      - checkout
      - aws-cli/setup:
          profile_name: WEB IDENTITY PROFILE
          role_arn: arn:aws:iam::123456789012:role/WEB-IDENTITY-ROLE
          role_session_name: example-session
      - run: echo "Run your code here"
workflows:
  aws-cli:
    jobs:
      - aws-cli-example:
          context: aws
```
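The role named in role_arn only issues credentials when the conditions in its trust policy match the claims of the OIDC token the job presents. The following is an added example, not part of the orb or the CircleCI docs: it decodes the claims of a token such as CIRCLE_OIDC_TOKEN_V2 and compares them with the values the trust policy is expected to require. The function names, the placeholder IDs and the claim layout of the constructed sample token are assumptions.

```shell
#!/bin/sh
# Added example, not part of the orb. It compares OIDC token claims with
# expected values before STS is called. It does NOT verify the token
# signature; AWS STS does that when the role is assumed.

# base64url-encode stdin (only used to build the constructed sample token).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Constructed sample claims; every ID below is a placeholder, not a real value.
SAMPLE_CLAIMS='{"iss":"https://oidc.circleci.com/org/ORG_ID_PLACEHOLDER","aud":"ORG_ID_PLACEHOLDER","sub":"org/ORG_ID_PLACEHOLDER/project/PROJECT_ID_PLACEHOLDER/user/USER_ID_PLACEHOLDER"}'

# Build an unsigned three-part token around the given claims JSON.
sample_token() {
    printf '%s.%s.%s' \
        "$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)" \
        "$(printf '%s' "$1" | b64url)" \
        "SIGNATURE_PLACEHOLDER"
}

# Print the decoded payload (second segment) of a JWT; non-zero if malformed.
jwt_payload() {
    case $1 in
        *.*.*) ;;
        *) return 1 ;;
    esac
    # base64url -> base64: restore the standard alphabet and the '=' padding.
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
        1) return 1 ;;
    esac
    printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Extract a string-valued claim from single-line JSON without needing jq.
# Array-valued claims are not handled.
json_claim() {
    printf '%s' "$1" |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Usage: check_oidc_claims TOKEN EXPECTED_ISS EXPECTED_AUD EXPECTED_SUB_PREFIX
# Returns 0 when iss and aud match exactly and sub starts with the prefix,
# 1 on a claim mismatch, 2 when the token cannot be decoded.
check_oidc_claims() {
    payload=$(jwt_payload "$1") || { echo "token is not a decodable JWT" >&2; return 2; }
    iss=$(json_claim "$payload" iss)
    aud=$(json_claim "$payload" aud)
    sub=$(json_claim "$payload" sub)
    [ "$iss" = "$2" ] || { echo "iss mismatch: $iss" >&2; return 1; }
    [ "$aud" = "$3" ] || { echo "aud mismatch: $aud" >&2; return 1; }
    case $sub in
        "$4"*) ;;
        *) echo "sub mismatch: $sub" >&2; return 1 ;;
    esac
    return 0
}

# Demo on the constructed token; in a job, pass "$CIRCLE_OIDC_TOKEN_V2" instead
# and never echo the raw token itself.
demo_token=$(sample_token "$SAMPLE_CLAIMS")
check_oidc_claims "$demo_token" \
    "https://oidc.circleci.com/org/ORG_ID_PLACEHOLDER" \
    "ORG_ID_PLACEHOLDER" \
    "org/ORG_ID_PLACEHOLDER/project/PROJECT_ID_PLACEHOLDER/" \
    && echo "claims match the expected trust policy values"
```

A mismatch reported here points at the claim to compare against the role's trust policy when the orb's "Assume Role with Web Identity" step prints "Failed to assume role".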

Commands

install

Install the AWS CLI via Pip if not already installed.

| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
| --- | --- | --- | --- | --- |
| binary_dir | The main aws program in the install directory is symbolically linked to the file aws in the specified path. Defaults to /usr/local/bin | No | /usr/local/bin | string |
| disable_aws_pager | Set to false to skip forceful disabling of all AWS CLI output paging. | No | true | boolean |
| install_dir | Specify the installation directory of AWS CLI. Defaults to /usr/local/aws-cli | No | /usr/local/aws-cli | string |
| override_installed | By default, if the AWS CLI is detected on the system, the install will be skipped. Enable this to override the installed version and install your specified version. | No | false | boolean |
| use_brew | Set to true if you want to use the Homebrew CLI to install the awscli. Only compatible with the macOS executor. Defaults to false. When using brew, only the brew version is available. | No | false | boolean |
| version | Select a specific version of the AWS v2 CLI. By default the latest version will be used. This value is ignored on Alpine, and the default version on the repositories is installed. | No | latest | string |

role_arn_setup

Create a new profile with role arn and source profile

| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
| --- | --- | --- | --- | --- |
| profile_name | Name of new profile associated with role arn. | Yes | - | string |
| role_arn | Role ARN that the profile should take. | Yes | - | string |
| source_profile | Source profile containing credentials to assume the role with role_arn. | No | default | string |

setup

Installs aws-cli, then configures and stores AWS credentials in ~/.aws/credentials and ~/.aws/config. If role_session_name and role_arn are provided, it will attempt to use OIDC auth.

| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
| --- | --- | --- | --- | --- |
| aws_access_key_id | AWS access key id for IAM role. Set this to the name of the environment variable you will use to hold this value, e.g. AWS_ACCESS_KEY. | No | $AWS_ACCESS_KEY_ID | string |
| aws_secret_access_key | AWS secret key for IAM role. Set this to the name of the environment variable you will use to hold this value, e.g. AWS_SECRET_ACCESS_KEY. | No | $AWS_SECRET_ACCESS_KEY | string |
| binary_dir | The main aws program in the install directory is symbolically linked to the file aws in the specified path. Defaults to /usr/local/bin | No | /usr/local/bin | string |
| configure_default_region | Some AWS actions don't require a region; set this to false if you do not want to store a default region in ~/.aws/config. Any AWS CLI command will default to this region if none is specified with the --region CLI parameter. | No | true | boolean |
| configure_profile_region | Whether to configure the region for the custom (non-default) profile. The specified region will be used for AWS CLI commands executed under that specific profile using the --profile CLI parameter. | No | true | boolean |
| disable_aws_pager | Set to false to skip forceful disabling of all AWS CLI output paging. | No | true | boolean |
| install_dir | Specify the installation directory of AWS CLI. Defaults to /usr/local/aws-cli | No | /usr/local/aws-cli | string |
| override_installed | By default, if the AWS CLI is detected on the system, the install will be skipped. Enable this to override the installed version and install your specified version. | No | false | boolean |
| profile_name | Profile name to be configured. | No | default | string |
| region | AWS region to operate in (defaults to env var of ${AWS_DEFAULT_REGION}) | No | ${AWS_DEFAULT_REGION} | string |
| role_arn | The Amazon Resource Name (ARN) of the role that the caller is assuming. Role ARN must be configured for web identity. | No | '' | string |
| role_session_name | An identifier for the assumed role session | No | ${CIRCLE_JOB} | string |
| session_duration | The duration of the session in seconds | No | '3600' | string |
| set_aws_env_vars | Write AWS keys generated from OIDC to a temporary file. Set to false if generating keys for multiple profiles. By default, the keys are written to $BASH_ENV. | No | true | boolean |
| use_brew | Set to true if you want to use brew to install the awscli. Only compatible with the macOS executor. Defaults to false. When using brew, only the brew version is available. | No | false | boolean |
| version | Select a specific version of the AWS v2 CLI. By default the latest version will be used. | No | latest | string |

Executors

default

A base Ubuntu Docker image built to run on CircleCI

| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
| --- | --- | --- | --- | --- |
| tag | Select your version or any of the available tags here: https://hub.docker.com/r/cimg/base. | No | current | string |

Orb Source

```yaml
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
version: 2.1
description: |
  Install and configure the AWS command-line interface (awscli) version 2. (To use AWS CLI v1 view version 1.4.1 of this orb) Supports Linux x86_64, MacOS, Arm64 V8 and Windows with bash.exe
display:
  home_url: https://aws.amazon.com/cli
  source_url: https://github.com/CircleCI-Public/aws-cli-orb
commands:
  install:
    description: Install the AWS CLI via Pip if not already installed.
    parameters:
      binary_dir:
        default: /usr/local/bin
        description: |
          The main aws program in the install directory is symbolically linked to the file aws in the specified path. Defaults to /usr/local/bin
        type: string
      disable_aws_pager:
        default: true
        description: |
          Set to false to skip forceful disabling of all AWS CLI output paging.
        type: boolean
      install_dir:
        default: /usr/local/aws-cli
        description: |
          Specify the installation directory of AWS CLI. Defaults to /usr/local/aws-cli
        type: string
      override_installed:
        default: false
        description: |
          By default, if the AWS CLI is detected on the system, the install will be skipped. Enable this to override the installed version and install your specified version.
        type: boolean
      use_brew:
        default: false
        description: |
          Set to true if you want to use the Homebrew CLI to install the awscli. Only compatible with the macOS executor. Defaults to false. When using brew, only the brew version is available.
        type: boolean
      version:
        default: latest
        description: |
          Select a specific version of the AWS v2 CLI. By default the latest version will be used. This value is ignored on Alpine, and the default version on the repositories is installed.
        type: string
    steps:
      - run:
          command: |-
            #!/bin/bash
            AWS_CLI_STR_AWS_CLI_VERSION="$(echo "${AWS_CLI_STR_AWS_CLI_VERSION}" | circleci env subst)"
            AWS_CLI_EVAL_INSTALL_DIR="$(eval echo "${AWS_CLI_EVAL_INSTALL_DIR}" | circleci env subst)"
            AWS_CLI_EVAL_BINARY_DIR="$(eval echo "${AWS_CLI_EVAL_BINARY_DIR}" | circleci env subst)"

            eval "$SCRIPT_UTILS"
            detect_os
            set_sudo

            # Install per platform
            if [ "$SYS_ENV_PLATFORM" = "linux" ] || [ "$SYS_ENV_PLATFORM" = "linux_alpine" ]; then
                eval "$SCRIPT_INSTALL_LINUX"
            elif [ "$SYS_ENV_PLATFORM" = "windows" ]; then
                eval "$SCRIPT_INSTALL_WINDOWS"
            elif [ "$SYS_ENV_PLATFORM" = "macos" ]; then
                eval "$SCRIPT_INSTALL_MACOS"
            else
                echo "This orb does not currently support your platform. If you believe it should, please consider opening an issue on the GitHub repository:"
                echo "https://github.com/CircleCI-Public/aws-cli-orb/issues/new"
                exit 1
            fi

            Toggle_Pager(){
                # Toggle AWS Pager
                if [ "$AWS_CLI_BOOL_DISABLE_PAGER" -eq 1 ]; then
                    if [ -z "${AWS_PAGER+x}" ]; then
                        echo 'export AWS_PAGER=""' >>"$BASH_ENV"
                        echo "AWS_PAGER is being set to the empty string to disable all output paging for AWS CLI commands."
                        echo "You can set the 'disable-aws-pager' parameter to 'false' to disable this behavior."
                    fi
                fi
            }

            if [ "$AWS_CLI_STR_AWS_CLI_VERSION" = "latest" ]; then
                # shellcheck disable=SC3040
                set +o pipefail
                CLI_COMPARISON_VERSION="$(wget -q -O - https://api.github.com/repos/aws/aws-cli/tags | grep '"name":' | head -n 1 | awk -F'"' '{print $4}')"
                echo "Latest is: $CLI_COMPARISON_VERSION"
                set -o pipefail
            else
                CLI_COMPARISON_VERSION="$AWS_CLI_STR_AWS_CLI_VERSION"
            fi

            if ! command -v aws >/dev/null 2>&1; then
                Install_AWS_CLI "${AWS_CLI_STR_AWS_CLI_VERSION}"
            elif aws --version | awk '{print $2}' | grep "${CLI_COMPARISON_VERSION}"; then
                echo "AWS CLI version ${CLI_COMPARISON_VERSION} already installed. Skipping installation"
                exit 0
            elif [ "$AWS_CLI_BOOL_OVERRIDE" -eq 1 ]; then
                Uninstall_AWS_CLI
                Install_AWS_CLI "${AWS_CLI_STR_AWS_CLI_VERSION}"
            else
                echo "AWS CLI is already installed, skipping installation."
                aws --version
            fi

            Toggle_Pager
          environment:
            AWS_CLI_BOOL_DISABLE_PAGER: <<parameters.disable_aws_pager>>
            AWS_CLI_BOOL_OVERRIDE: <<parameters.override_installed>>
            AWS_CLI_EVAL_BINARY_DIR: <<parameters.binary_dir>>
            AWS_CLI_EVAL_INSTALL_DIR: <<parameters.install_dir>>
            AWS_CLI_STR_AWS_CLI_VERSION: <<parameters.version>>
            SCRIPT_INSTALL_LINUX: |-
              #!/bin/sh
              #shellcheck disable=SC1090
              Install_AWS_CLI() {
                  echo "Installing AWS CLI v2"
                  cd /tmp || exit
                  if [ "$SYS_ENV_PLATFORM" = "linux_alpine" ]; then
                      apk update && apk upgrade && apk add -U curl
                      apk --no-cache add binutils
                      apk --no-cache add libcurl
                      apk --no-cache upgrade libcurl
                      apk --no-cache add aws-cli
                  else
                      if [ "$1" = "latest" ]; then
                          version=""
                      else
                          version="-$1"
                      fi
                      PLATFORM=$(uname -m)
                      curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-$PLATFORM$version.zip" -o "awscliv2.zip"
                      unzip -q -o awscliv2.zip
                      $SUDO ./aws/install -i "${AWS_CLI_EVAL_INSTALL_DIR}" -b "${AWS_CLI_EVAL_BINARY_DIR}"
                      rm -r awscliv2.zip ./aws
                  fi
              }

              Uninstall_AWS_CLI() {
                  AWS_CLI_PATH=$(command -v aws)
                  echo "$AWS_CLI_PATH"
                  if [ -n "$AWS_CLI_PATH" ]; then
                      EXISTING_AWS_VERSION=$(aws --version)
                      echo "Uninstalling ${EXISTING_AWS_VERSION}"
                      # shellcheck disable=SC2012
                      if [ -L "$AWS_CLI_PATH" ]; then
                          AWS_SYMLINK_PATH=$(ls -l "$AWS_CLI_PATH" | sed -e 's/.* -> //')
                      fi
                      $SUDO rm -rf "$AWS_CLI_PATH" "$AWS_SYMLINK_PATH" "$HOME/.aws/" "/usr/local/bin/aws" "/usr/local/bin/aws_completer" "/usr/local/aws-cli"
                  else
                      echo "No AWS install found"
                  fi
              }
            SCRIPT_INSTALL_MACOS: |-
              #!/bin/sh
              Install_AWS_CLI() {
                  echo "Installing AWS CLI v$version"
                  if [ "$USE_BREW" -eq 1 ]; then
                      brew install "awscli"
                  else
                      if [ "$1" = "latest" ]; then
                          version=""
                      else
                          version="-$1"
                      fi
                      cd /tmp || exit
                      curl -o awscli.tar.gz "https://awscli.amazonaws.com/awscli$version.tar.gz"
                      mkdir awscli
                      tar -xzf awscli.tar.gz -C awscli --strip-components=1
                      rm awscli.tar.gz
                      cd awscli || exit
                      ./configure --with-download-deps
                      make
                      $SUDO make install
                  fi
              }

              Uninstall_AWS_CLI() {
                  AWS_CLI_PATH=$(command -v aws)
                  echo "$AWS_CLI_PATH"
                  if [ -n "$AWS_CLI_PATH" ]; then
                      EXISTING_AWS_VERSION=$(aws --version)
                      echo "Uninstalling ${EXISTING_AWS_VERSION}"
                      # shellcheck disable=SC2012
                      if [ -L "$AWS_CLI_PATH" ]; then
                          AWS_SYMLINK_PATH=$(ls -l "$AWS_CLI_PATH" | sed -e 's/.* -> //')
                      fi
                      $SUDO rm -rf "$AWS_CLI_PATH" "$AWS_SYMLINK_PATH" "$HOME/.aws/" "/usr/local/bin/aws" "/usr/local/bin/aws_completer" "/usr/local/aws-cli"
                  else
                      echo "No AWS install found"
                  fi
              }
            SCRIPT_INSTALL_WINDOWS: |-
              #!/bin/sh
              Install_AWS_CLI(){
                  if [ "$1" = "latest" ]; then
                      version=""
                  else
                      version="$1"
                  fi
                  echo "Installing AWS CLI v2"
                  cd /tmp || exit
                  if ! command -v choco >/dev/null 2>&1; then
                      echo "Chocolatey is required to install AWS"
                      exit 1
                  fi
                  yes "Yes" | choco install -y awscli --version="$version"
                  echo "Installing AWS CLI version $version"
                  if echo "$1" | grep -e "^2\." -e "latest"; then
                      echo "export PATH=\"\${PATH}:/c/Program Files/Amazon/AWSCLIV2\"" >> "$BASH_ENV"
                  else
                      echo "export PATH=\"\${PATH}:/c/Program Files/Amazon/AWSCLI/bin\"" >>"$BASH_ENV"
                  fi
              }

              Uninstall_AWS_CLI() {
                  if ! command -v choco >/dev/null 2>&1; then
                      echo "Chocolatey is required to uninstall AWS"
                      exit 1
                  fi
                  choco uninstall awscli
              }
            SCRIPT_UTILS: |-
              # shellcheck disable=SC2148
              detect_os() {
                detected_platform="$(uname -s | tr '[:upper:]' '[:lower:]')"

                case "$detected_platform" in
                  linux*)
                    if grep "Alpine" /etc/issue >/dev/null 2>&1; then
                      printf '%s\n' "Detected OS: Alpine Linux."
                      SYS_ENV_PLATFORM=linux_alpine
                    else
                      printf '%s\n' "Detected OS: Linux."
                      SYS_ENV_PLATFORM=linux
                    fi
                    ;;
                  darwin*)
                    printf '%s\n' "Detected OS: macOS."
                    SYS_ENV_PLATFORM=macos
                    ;;
                  msys*|cygwin*)
                    printf '%s\n' "Detected OS: Windows."
                    SYS_ENV_PLATFORM=windows
                    ;;
                  *)
                    printf '%s\n' "Unsupported OS: \"$detected_platform\"."
                    exit 1
                    ;;
                esac

                export SYS_ENV_PLATFORM
              }

              set_sudo(){
                if [ "$SYS_ENV_PLATFORM" = "linux_alpine" ]; then
                  if [ "$ID" = 0 ]; then export SUDO=""; else export SUDO="sudo"; fi
                else
                  if [ "$EUID" = 0 ]; then export SUDO=""; else export SUDO="sudo"; fi
                fi
              }
            USE_BREW: <<parameters.use_brew>>
          name: Install AWS CLI - <<parameters.version>>
  role_arn_setup:
    description: |
      Create a new profile with role arn and source profile
    parameters:
      profile_name:
        description: Name of new profile associated with role arn.
        type: string
      role_arn:
        description: Role ARN that the profile should take.
        type: string
      source_profile:
        default: default
        description: Source profile containing credentials to assume the role with role_arn.
        type: string
    steps:
      - run:
          command: |+
            #!/bin/sh
            AWS_CLI_STR_ROLE_ARN="$(echo "${AWS_CLI_STR_ROLE_ARN}" | circleci env subst)"
            AWS_CLI_STR_PROFILE_NAME="$(echo "${AWS_CLI_STR_PROFILE_NAME}" | circleci env subst)"
            AWS_CLI_STR_SOURCE_PROFILE="$(echo "${AWS_CLI_STR_SOURCE_PROFILE}" | circleci env subst)"

            if [ ! -f "${HOME}/.aws/credentials" ]; then
                echo "Credentials not found. Run setup command before role-arn-setup."
                exit 1
            fi

            aws configure set profile."${AWS_CLI_STR_PROFILE_NAME}".role_arn "${AWS_CLI_STR_ROLE_ARN}"
            aws configure set profile."${AWS_CLI_STR_PROFILE_NAME}".source_profile "${AWS_CLI_STR_SOURCE_PROFILE}"

          environment:
            AWS_CLI_STR_PROFILE_NAME: <<parameters.profile_name>>
            AWS_CLI_STR_ROLE_ARN: <<parameters.role_arn>>
            AWS_CLI_STR_SOURCE_PROFILE: <<parameters.source_profile>>
          name: Configure role arn for profile <<parameters.profile_name>>
  setup:
    description: |
      Installs aws-cli and then configure and store AWS credentials in ~/.aws/credentials and ~/.aws/config. If role_session_name and role_arn are provided, it will attempt to use OIDC auth.
    parameters:
      aws_access_key_id:
        default: $AWS_ACCESS_KEY_ID
        description: |
          AWS access key id for IAM role. Set this to the name of the environment variable you will use to hold this value, i.e. AWS_ACCESS_KEY.
        type: string
      aws_secret_access_key:
        default: $AWS_SECRET_ACCESS_KEY
        description: |
          AWS secret key for IAM role. Set this to the name of the environment variable you will use to hold this value, i.e. AWS_SECRET_ACCESS_KEY.
        type: string
      binary_dir:
        default: /usr/local/bin
        description: |
          The main aws program in the install directory is symbolically linked to the file aws in the specified path. Defaults to /usr/local/bin
        type: string
      configure_default_region:
        default: true
        description: |
          Some AWS actions don't require a region; set this to false if you do not want to store a default region in ~/.aws/config Any AWS CLI command will default to this region if none is specified with the --region CLI parameter.
        type: boolean
      configure_profile_region:
        default: true
        description: |
          Boolean whether to configure the region for the custom (non-default) profile. The specified region will be used for AWS CLI commands executed under that specific profile using the --profile CLI parameter.
        type: boolean
      disable_aws_pager:
        default: true
        description: |
          Set to false to skip forceful disabling of all AWS CLI output paging.
        type: boolean
      install_dir:
        default: /usr/local/aws-cli
        description: |
          Specify the installation directory of AWS CLI. Defaults to /usr/local/aws-cli
        type: string
      override_installed:
        default: false
        description: |
          By default, if the AWS CLI is detected on the system, the install will be skipped. Enable this to override the installed version and install your specified version.
        type: boolean
      profile_name:
        default: default
        description: Profile name to be configured.
        type: string
      region:
        default: ${AWS_DEFAULT_REGION}
        description: |
          AWS region to operate in (defaults to env var of ${AWS_DEFAULT_REGION})
        type: string
      role_arn:
        default: ""
        description: |
          The Amazon Resource Name (ARN) of the role that the caller is assuming. Role ARN must be configured for web identity.
        type: string
      role_session_name:
        default: ${CIRCLE_JOB}
        description: An identifier for the assumed role session
        type: string
      session_duration:
        default: "3600"
        description: The duration of the session in seconds
        type: string
      set_aws_env_vars:
        default: true
        description: |
          Write AWS keys generated from OIDC to a temporary file. Set to false if generating keys for multiple profiles. By default, the keys are written to $BASH_ENV.
        type: boolean
      use_brew:
        default: false
        description: |
          Set to true if you want to use brew to install the awscli. Only compatible with MacOs executor. Default to false. When using brew, only the brew version is available.
        type: boolean
      version:
        default: latest
        description: Select a specific version of the AWS v2 CLI. By default the latest version will be used.
        type: string
    steps:
      - install:
          binary_dir: <<parameters.binary_dir>>
          disable_aws_pager: <<parameters.disable_aws_pager>>
          install_dir: <<parameters.install_dir>>
          override_installed: <<parameters.override_installed>>
          use_brew: <<parameters.use_brew>>
          version: <<parameters.version>>
      - when:
          condition:
            and:
              - <<parameters.role_session_name>>
              - <<parameters.role_arn>>
          steps:
            - run:
                command: |
                  #!/bin/sh
                  AWS_CLI_STR_ROLE_SESSION_NAME="$(echo "${AWS_CLI_STR_ROLE_SESSION_NAME}" | circleci env subst)"
                  AWS_CLI_STR_ROLE_ARN="$(echo "${AWS_CLI_STR_ROLE_ARN}" | circleci env subst)"
                  AWS_CLI_STR_PROFILE_NAME="$(echo "${AWS_CLI_STR_PROFILE_NAME}" | circleci env subst)"
                  AWS_CLI_STR_REGION="$(echo "${AWS_CLI_STR_REGION}" | circleci env subst)"
                  AWS_CLI_INT_SESSION_DURATION="$(echo "${AWS_CLI_INT_SESSION_DURATION}" | circleci env subst)"
                  AWS_CLI_BOOL_SET_AWS_ENV_VARS="$(echo "${AWS_CLI_BOOL_SET_AWS_ENV_VARS}" | circleci env subst)"

                  AWS_CLI_STR_ROLE_SESSION_NAME=$(printf '%s' "${AWS_CLI_STR_ROLE_SESSION_NAME}" | tr -sC 'A-Za-z0-9=,.@_\-' '-')
                  AWS_CLI_STR_ROLE_SESSION_NAME=$(echo "${AWS_CLI_STR_ROLE_SESSION_NAME}" | cut -c -64)

                  if [ -z "${AWS_CLI_STR_ROLE_SESSION_NAME}" ]; then
                      echo "Role session name is required"
                      exit 1
                  fi

                  if [ -z "${CIRCLE_OIDC_TOKEN_V2}" ]; then
                      echo "OIDC Token cannot be found."
                      exit 1
                  fi

                  if [ ! "$(command -v aws)" ]; then
                      echo "AWS CLI is not installed. Please run the setup or install command first."
                      exit 1
                  fi

                  if [ -n "${AWS_CLI_STR_REGION}" ]; then
                      set -- "$@" --region "${AWS_CLI_STR_REGION}"
                  fi

                  read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \<<EOF
                  $(aws sts assume-role-with-web-identity \
                  --role-arn "${AWS_CLI_STR_ROLE_ARN}" \
                  --role-session-name "${AWS_CLI_STR_ROLE_SESSION_NAME}" \
                  --web-identity-token "${CIRCLE_OIDC_TOKEN_V2}" \
                  --duration-seconds "${AWS_CLI_INT_SESSION_DURATION}" \
                  "$@" \
                  --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
                  --output text)
                  EOF

                  if [ -z "${AWS_ACCESS_KEY_ID}" ] || [ -z "${AWS_SECRET_ACCESS_KEY}" ] || [ -z "${AWS_SESSION_TOKEN}" ]; then
                      echo "Failed to assume role";
                      exit 1
                  elif [ "${AWS_CLI_BOOL_SET_AWS_ENV_VARS}" = 1 ]; then
                      {
                          # These are the original aws variables, and will be used when no profile is passed.
                          echo "export AWS_ACCESS_KEY_ID=\"${AWS_ACCESS_KEY_ID}\""
                          echo "export AWS_SECRET_ACCESS_KEY=\"${AWS_SECRET_ACCESS_KEY}\""
                          echo "export AWS_SESSION_TOKEN=\"${AWS_SESSION_TOKEN}\""
                          # These are used for the configure script, which will use them to configure the profile
                          echo "export AWS_CLI_STR_ACCESS_KEY_ID=\"${AWS_ACCESS_KEY_ID}\""
                          echo "export AWS_CLI_STR_SECRET_ACCESS_KEY=\"${AWS_SECRET_ACCESS_KEY}\""
                          echo "export AWS_CLI_STR_SESSION_TOKEN=\"${AWS_SESSION_TOKEN}\""
                      } >> "$BASH_ENV"

                      echo "AWS keys successfully written to BASH_ENV"
                  else
                      temp_file="/tmp/${AWS_CLI_STR_PROFILE_NAME}.keys"
                      touch "$temp_file"
                      {
                          echo "export AWS_CLI_STR_ACCESS_KEY_ID=\"${AWS_ACCESS_KEY_ID}\""
                          echo "export AWS_CLI_STR_SECRET_ACCESS_KEY=\"${AWS_SECRET_ACCESS_KEY}\""
                          echo "export AWS_CLI_STR_SESSION_TOKEN=\"${AWS_SESSION_TOKEN}\""
                      } >> "$temp_file"

                      echo "AWS keys successfully written to ${AWS_CLI_STR_PROFILE_NAME}.keys"
                  fi
                environment:
                  AWS_CLI_BOOL_SET_AWS_ENV_VARS: <<parameters.set_aws_env_vars>>
                  AWS_CLI_INT_SESSION_DURATION: <<parameters.session_duration>>
                  AWS_CLI_STR_PROFILE_NAME: <<parameters.profile_name>>
                  AWS_CLI_STR_REGION: <<parameters.region>>
                  AWS_CLI_STR_ROLE_ARN: <<parameters.role_arn>>
                  AWS_CLI_STR_ROLE_SESSION_NAME: <<parameters.role_session_name>>
                name: Assume Role with Web Identity
      - run:
          command: |
            #!/bin/sh
            #shellcheck disable=SC1090
            AWS_CLI_STR_ACCESS_KEY_ID="$(echo "$AWS_CLI_STR_ACCESS_KEY_ID" | circleci env subst)"
            AWS_CLI_STR_SECRET_ACCESS_KEY="$(echo "$AWS_CLI_STR_SECRET_ACCESS_KEY" | circleci env subst)"
            AWS_CLI_STR_SESSION_TOKEN="$(echo "$AWS_CLI_STR_SESSION_TOKEN" | circleci env subst)"
            AWS_CLI_STR_REGION="$(echo "$AWS_CLI_STR_REGION" | circleci env subst)"
            AWS_CLI_STR_PROFILE_NAME="$(echo "$AWS_CLI_STR_PROFILE_NAME" | circleci env subst)"
            AWS_CLI_BOOL_SET_AWS_ENV_VARS="$(echo "$AWS_CLI_BOOL_SET_AWS_ENV_VARS" | circleci env subst)"
            AWS_CLI_STR_ROLE_ARN="$(echo "${AWS_CLI_STR_ROLE_ARN}" | circleci env subst)"

            if [ "$AWS_CLI_BOOL_SET_AWS_ENV_VARS" = 0 ]; then
                temp_file="/tmp/${AWS_CLI_STR_PROFILE_NAME}.keys"
                . "$temp_file"
            else
                touch "${BASH_ENV}"
                . "${BASH_ENV}"
            fi
            aws configure set aws_access_key_id \
                "$AWS_CLI_STR_ACCESS_KEY_ID" \
                --profile "$AWS_CLI_STR_PROFILE_NAME"

            aws configure set aws_secret_access_key \
                "$AWS_CLI_STR_SECRET_ACCESS_KEY" \
                --profile "$AWS_CLI_STR_PROFILE_NAME"

            if [ -n "${AWS_CLI_STR_ROLE_ARN}" ]; then
                aws configure set aws_session_token \
                    "${AWS_CLI_STR_SESSION_TOKEN}" \
                    --profile "$AWS_CLI_STR_PROFILE_NAME"
            fi

            if [ "$AWS_CLI_BOOL_CONFIG_DEFAULT_REGION" -eq "1" ]; then
                aws configure set default.region "$AWS_CLI_STR_REGION"
            fi

            if [ "$AWS_CLI_BOOL_CONFIG_PROFILE_REGION" -eq "1" ]; then
                aws configure set region "$AWS_CLI_STR_REGION" \
                    --profile "$AWS_CLI_STR_PROFILE_NAME"
            fi
          environment:
            AWS_CLI_BOOL_CONFIG_DEFAULT_REGION: <<parameters.configure_default_region>>
            AWS_CLI_BOOL_CONFIG_PROFILE_REGION: <<parameters.configure_profile_region>>
            AWS_CLI_BOOL_SET_AWS_ENV_VARS: <<parameters.set_aws_env_vars>>
            AWS_CLI_STR_ACCESS_KEY_ID: <<parameters.aws_access_key_id>>
            AWS_CLI_STR_PROFILE_NAME: <<parameters.profile_name>>
            AWS_CLI_STR_REGION: <<parameters.region>>
            AWS_CLI_STR_ROLE_ARN: <<parameters.role_arn>>
            AWS_CLI_STR_SECRET_ACCESS_KEY: <<parameters.aws_secret_access_key>>
          name: Configure AWS Access Key ID
executors:
  default:
    description: |
      A base Ubuntu Docker image built to run on CircleCI
    docker:
      - image: cimg/base:<<parameters.tag>>
    parameters:
      tag:
        default: current
        description: |
          Select your version or any of the available tags here: https://hub.docker.com/r/cimg/base.
        type: string
examples:
  configure_role_arn:
    description: |
      Configure a new profile to assume a role defined by a role_arn. Must first authenticate with OIDC or static AWS Keys stored as environment variables in CircleCI.
    usage:
      version: "2.1"
      orbs:
        aws-cli: circleci/aws-cli@5.1
      jobs:
        configure_role_arn:
          executor: aws-cli/default
          steps:
            - checkout
            - aws-cli/setup:
                profile_name: default
            - aws-cli/role_arn_setup:
                profile_name: new-profile
                role_arn: arn:aws:iam::123456789012:role/example-role
                source_profile: default
            - run: aws sts assume-role --role-arn "arn:aws:iam::123456789012:role/example-role" --role-session-name AWSCLI-Session
      workflows:
        aws-cli:
          jobs:
            - configure_role_arn
  install_aws_cli:
    description: Easily install and configure the AWS CLI automatically in your jobs or commands.
    usage:
      version: "2.1"
      orbs:
        aws-cli: circleci/aws-cli@5.1
      jobs:
        aws-cli-example:
          executor: aws-cli/default
          steps:
            - checkout
            - aws-cli/setup:
                profile_name: example
            - run: echo "Run your code here"
      workflows:
        aws-cli:
          jobs:
            - aws-cli-example:
                context: aws
  install_aws_cli_with_web_identity:
    description: |
      Setup the AWS CLI and configure with Web Identity. Assume roles on AWS without storing keys on CircleCI and utilize short-term credentials instead. For more information, see the CircleCI OIDC docs: https://circleci.com/docs/2.0/openid-connect-tokens
    usage:
      version: "2.1"
      orbs:
        aws-cli: circleci/aws-cli@5.1
      jobs:
        aws-cli-example:
          executor: aws-cli/default
          steps:
            - checkout
            - aws-cli/setup:
                profile_name: WEB IDENTITY PROFILE
                role_arn: arn:aws:iam::123456789012:role/WEB-IDENTITY-ROLE
                role_session_name: example-session
            - run: echo "Run your code here"
      workflows:
        aws-cli:
          jobs:
            - aws-cli-example:
                context: aws
```