1. l060ki/aws-configure-with-oidc@0.2.0

l060ki/aws-configure-with-oidc@0.2.0

Sections
Authenticate with AWS using OIDC and assume a role.
Created: March 29, 2022Version Published: December 9, 2024Releases: 6
Org Usage:
< 25
Categories:

Orb Quick Start Guide

Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

1 version: 2.1

Add the orbs stanza below your version, invoking the orb:

1 2 orbs: aws-configure-with-oidc: l060ki/aws-configure-with-oidc@0.2.0

Use aws-configure-with-oidc elements in your existing workflows and jobs.

Opt-in to use of uncertified orbs on your organization’s Security settings page.

Usage Examples

assume-role

Configure AWS Credentials using OIDC

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 version: '2.1' orbs: aws-cli: circleci/aws-cli@2.1.0 aws-configure-with-oidc: l060ki/aws-configure-with-oidc@0.1.2 jobs: build: docker: - image: cimg/python:3.10 environment: AWS_REGION: ap-northeast-1 steps: - aws-configure-with-oidc/assume-role: role-arn: AWS_IAM_ROLE_ARN - run: command: | aws sts get-caller-identity name: null workflows: build-and-test: jobs: - build: context: - aws-oidc-deploy

Commands

assume-role

Authenticate with AWS using OIDC and assume a role.

Show command Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
duration-second
The duration, in seconds, of the role session
No
900
integer
role-arn
The Amazon Resource Name (ARN) of the role that the caller is assuming
No
AWS_IAM_ROLE_ARN
env_var_name

Executors

default

Show executor Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
python-version
-
No
'3.10'
string

Orb Source

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 # This code is licensed from CircleCI to the user under the MIT license. # See here for details: https://circleci.com/developer/orbs/licensing version: 2.1 description: | Authenticate with AWS using OIDC and assume a role. display: source_url: https://github.com/1060ki/aws-configure-with-oidc orbs: aws-cli: circleci/aws-cli@2.1.0 commands: assume-role: description: | Authenticate with AWS using OIDC and assume a role. parameters: duration-second: default: 900 description: The duration, in seconds, of the role session type: integer role-arn: default: AWS_IAM_ROLE_ARN description: The Amazon Resource Name (ARN) of the role that the caller is assuming type: env_var_name steps: - aws-cli/install - run: command: | PARAM_ROLE_ARN=$(eval echo "\$$PARAM_ROLE_ARN") # SEE: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/assume-role-with-web-identity.html credentials=$(aws sts assume-role-with-web-identity \ --role-arn "${PARAM_ROLE_ARN}" \ --web-identity-token "${CIRCLE_OIDC_TOKEN_V2}" \ --role-session-name "CircleCI" \ --duration-seconds "${PARAM_DURATION_SECOND}" \ --query "Credentials" \ --output "json") { echo "export AWS_ACCESS_KEY_ID=\"$(echo "$credentials" | jq -r '.AccessKeyId')\"" echo "export AWS_SECRET_ACCESS_KEY=\"$(echo "$credentials" | jq -r '.SecretAccessKey')\"" echo "export AWS_SESSION_TOKEN=\"$(echo "$credentials" | jq -r '.SessionToken')\"" } >> "${BASH_ENV}" environment: PARAM_DURATION_SECOND: <<parameters.duration-second>> PARAM_ROLE_ARN: <<parameters.role-arn>> name: Configure aws credential executors: default: docker: - image: cimg/python:<<parameters.python-version>> parameters: python-version: default: "3.10" type: string examples: assume-role: description: Configure AWS Credentials using OIDC usage: version: "2.1" orbs: aws-cli: circleci/aws-cli@2.1.0 aws-configure-with-oidc: l060ki/aws-configure-with-oidc@0.1.2 jobs: build: docker: - image: cimg/python:3.10 environment: AWS_REGION: ap-northeast-1 steps: - aws-configure-with-oidc/assume-role: role-arn: AWS_IAM_ROLE_ARN - run: command: | aws sts get-caller-identity name: null workflows: build-and-test: jobs: - build: context: - aws-oidc-deploy
Developer Updates
Get tips to optimize your builds
Or join our research panel and give feedback
By submitting this form, you are agreeing to ourTerms of UseandPrivacy Policy.