AWS CLI Keys after August 31st

awscli
aws

#1

When I go to edit my AWS keys under “AWS Permissions” in my project, I see a message: “After August 31, 2018, these project settings will no longer be available. Please migrate to CircleCI 2.0.”

I see that this issue was raised in a previous topic here, but the CircleCI rep claimed this functionality is forthcoming, with no follow up if it was ever integrated. All documentation I can find points to the settings I noted above.

How else should I provide AWS CLI credentials if these settings are deprecated?


#2

You can just set your credentials as private environment variables. That’s basically what they were anyway. You just need to enter them manually in your project’s Settings page or your org’s context page.


#3

that doesn’t really answer the question, except in very vague terms and in language that doesn’t match what’s in the circleci web ui. exactly where will these permissions be set in the future? can we migrate now instead of waiting until the last minute?


#4

No problem, let me be more descriptive here.

The solution to this issue is to go to your project’s Settings Page, click Environment Variables, and then create the following environment variables:

Name: AWS_ACCESS_KEY_ID
Value: your AWS access key

Name: AWS_SECRET_ACCESS_KEY
Value: your AWS secret key

Our Doc on Private Environment Variables can be found here

This provides auth to the AWS CLI (which you’d need installed in your CircleCI 2.0 build) for this specific project. You can also provide the AWS creds across an entire org via CircleCI Contexts.

Either method, project specific private environment variables, or org level environment variables via Context, can be used right now on CircleCI 2.0. No need to wait for the EOL.


#5

i think my confusion here is that Private Environment Variables are just Environment Variables?


#6

Yes but their value is configured via the CircleCI webapp which is how they are private. Setting them via the config file is also possible, but then they would be public (to the repo).


#7

the issue then seems to be that last i checked, you can’t migrate your credentials away from the AWS permissions page. the environment variables were completely unused…


#8

@worcI had the same issue, I manage to fix it by creating the env with a different name and then use it in the command, like this:

- deploy:
      name: deploy
      command: |
        . venv/bin/activate

        AWS_ACCESS_KEY_ID=$ACCESS AWS_SECRET_ACCESS_KEY=$KEY AWS_DEFAULT_REGION=$REGION aws s3 ls

closed #9

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.