AWS Permissions are gone, but the values are still available in build environment

One workaround for this issue is described here:

However, this is very confusing and hard to troubleshoot.

The issue:

  • I configure AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as project environment variables, but the values in the build are not the ones I set.
  • Tried the same with the org context: same result.

The env variables available during build are NOT the ones I set.

The reason (probably): CircleCI V1.0 used to have “AWS Permissions” page where those values are set. Our org/project had these set there before the page was removed. After the page was removed from the CircleCI UI, the values are still passed into the build environment and they override the environment variables configured at the project level.

There is no way to remove that old configuration now.

1 Like

Hi Alex. This seems possible, investigating.

1 Like

Thanks for looking into this.

The following workaround did work for us:

- run: AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID_TEMP AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY_TEMP aws s3 sync ./assets/ s3://fake-bucket-name/assets
- run: AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID_TEMP AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY_TEMP aws s3 sync ./packs/ s3://fake-bucket-name/packs

Basically, I added AWS_ACCESS_KEY_ID_TEMP and AWS_SECRET_ACCESS_KEY_TEMP as environment variables and then explicitly set them before the AWS CLI command.

1 Like

I’m glad you found a workaround. I still believe this is a bug and we are trying to figure out the best way to clear those old configs (or if maybe that AWS page wasn’t as 1.0-only as we though.

1 Like

I confirm the problem is present even if you pick version: 2.1.

Hi, I’m also facing the same issue.
I tried to rotate AWS keys. When searching my environment config the old AWS keys are not there anymore. I remember setting up a Context (which still exists) but appeared now empty.

If I configure new AWS environment variables in the same Context the old key is still used.
There is no trace of the old keys, I’m sure I setup the old key (that is still used) on 2018-12-18. I suppose that the “AWS Permissions” panel was already disabled at that time.

I have a paid plan.
Is there a way we can get notified on the bug status or shall I open a support ticket?

Opening a ticket is the best way to get updates. Does Alex’s workaround in post AWS Permissions are gone, but the values are still available in build environment - #4 by aspushkinus work for you in the meanwhile?

I can confirm @ aspushkinus’s workaround worked for me.

You can still access this page directly to clear them out https://circleci.com/gh/:ORG/:REPO/edit#aws

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.