AccessDenied calling AssumeRole running test against AWS


I’m a circleci newbie and I unfortunately can’t get integration-tests with AWS working on my repo. I get “ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation: Access denied”[1]

I’ve setup an AWS role with AdministratorAccess (AWSIAMCfServiceRole-G6D9A4O1XH2B) and created a user that can assume that role. This works just fine when using the aws cli, like so…

aws --profile sandbox sts assume-role --role-arn arn:aws:iam::XXXXXXXXX:role/bootstrap-AWSIAMCfServiceRole-G6D9A4O1XH2B --role-session-name my-test-role

The problem with circleci is that I don’t see a way to specify the role-arn. Would I need to setup a “Automating the STS access” script[2]?

The other problem I noticed is maybe there is an issue with environment variables[discussion topic AWS CLI Keys after August 31st] not working? I do have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars setup in my circle CI account.