Different AWS Keys per environment

I have three different environments that I deploy to (dev, stg, prod) and each environment has its own set of AWS keys. I’d like to set them in CircleCI, but can’t seem to find where to do that.

Thanks so much for your question.

The UI for quickly adding access keys found here https://circleci.com/gh/$ORG/$REPO/edit#aws only supports being able to add one set of keys in.

If you need to have multiple credentials, the best way to handle this would be by using Environment Variables.

For instance you can add via the UI (they will be encrypted) here: https://circleci.com/gh/$ORG/$REPO/edit#env-vars

AWS_DEV_ID
AWS_DEV_KEY
AWS_PROD_ID
AWS_PROD_KEY

Then, during the deployment steps you just use those ENVARS in your scripts.

Hi Guys,

Did you manage to solve this?
I’m trying this method and using the variables like this:

deployment:
  staging:
    branch: master
    commands:
      - export AWS_ACCESS_KEY_ID=${AWS_STAGING_ID}
      - export AWS_SECRET_ACCESS_KEY=${AWS_STAGING_KEY}
      - eval $(aws ecr get-login --region eu-west-2)
      - docker tag docker-repo-url
      - docker push docker-repo-url

But the eval command is failing to authenticate to AWS.

Thanks,
Isaac

I’m having the same issue. Any update on this or a post on how to accurately insert AWS env variables into the deployment section?

Isaacpm: each command runs in a separate shell, thus the variables are forgotten.

You can create the profile in circle like so:

aws configure --profile staging set region eu-west-2
aws configure --profile staging set aws_access_key_id whatever
aws configure --profile staging set aws_secret_access_key whatever
aws configure --profile staging list  # Get confirmation it worked in your logs

(See aws configure help for details.)

However, aws ecr get-login is going to require being run in the same shell as the docker commands.

Either put them into their own file or in a longer block in the circle.yml file.


Hi,
I’m trying to use separate profiles for staging and production but I couldn’t manage to make it work.
I tried to set up the AWS credentials by running a shell script or in a big run command, but in both cases it didn’t work.
The error I’m receiving is: Unable to locate credentials. You can configure credentials by running “aws configure”.

My code in the shell script:

if [ "$CIRCLE_BRANCH" == "master" ]; then
    AWS_ACCESS_KEY_ID=${PRODUCTION_AWS_ACCESS_KEY_ID}
    AWS_SECRET_ACCESS_KEY=${PRODUCTION_AWS_SECRET_ACCESS_KEY}
else
    AWS_ACCESS_KEY_ID=${STAGING_AWS_ACCESS_KEY_ID}
    AWS_SECRET_ACCESS_KEY=${STAGING_AWS_SECRET_ACCESS_KEY}
fi

aws configure --profile ${AWS_PROFILE} set aws_access_key_id ${AWS_ACCESS_KEY_ID}
aws configure --profile ${AWS_PROFILE} set aws_secret_access_key ${AWS_SECRET_ACCESS_KEY}
aws configure --profile  ${AWS_PROFILE} list

The YML version:

- run:
    name: Set AWS Credentials
    command: |
      echo 'aws configure --profile staging set aws_access_key_id $STAGING_AWS_ACCESS_KEY_ID'
      echo 'aws configure --profile staging set aws_secret_access_key $STAGING_AWS_SECRET_ACCESS_KEY'
      echo 'aws configure --profile staging list'

Any idea how I can use multiple AWS profiles?
Thanks.

Actually, it was my fault. I forgot to use --profile ${AWS_PROFILE} when I ran the AWS CLI command after setting the AWS profile credentials.
I’m using the following commands in a shell script and it is working:

if [ "$CIRCLE_BRANCH" == "master" ]; then
    AWS_PROFILE=${PRODUCTION_AWS_PROFILE}
    AWS_REGION=${PRODUCTION_AWS_REGION}
    AWS_ACCESS_KEY_ID=${PRODUCTION_AWS_ACCESS_KEY_ID}
    AWS_SECRET_ACCESS_KEY=${PRODUCTION_AWS_SECRET_ACCESS_KEY}
else
    AWS_PROFILE=${STAGING_AWS_PROFILE}
    AWS_REGION=${STAGING_AWS_REGION}
    AWS_ACCESS_KEY_ID=${STAGING_AWS_ACCESS_KEY_ID}
    AWS_SECRET_ACCESS_KEY=${STAGING_AWS_SECRET_ACCESS_KEY}
fi

aws configure --profile ${AWS_PROFILE} set aws_access_key_id ${AWS_ACCESS_KEY_ID}
aws configure --profile ${AWS_PROFILE} set aws_secret_access_key ${AWS_SECRET_ACCESS_KEY}
aws configure --profile ${AWS_PROFILE} set region ${AWS_REGION}
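
An added example, not part of any post in this thread: a helper that picks the credential set for a branch and exports the AWS CLI's standard environment variables, refusing to export anything if a value is missing. The names select_aws_env and AWS_ENV_NAME are hypothetical; the STAGING_*/PRODUCTION_* variables follow the thread and are assumed to be defined in the project's environment-variable settings.

```shell
#!/bin/sh
# Added example, not from the thread. select_aws_env and AWS_ENV_NAME are
# hypothetical names; the STAGING_*/PRODUCTION_* project variables follow the
# thread and are assumed to be set in the CircleCI environment-variable settings.

select_aws_env() {
    # Same mapping as the thread: master is production, everything else staging.
    if [ "$1" = "master" ]; then _prefix=PRODUCTION; else _prefix=STAGING; fi

    # Drop anything inherited so a failed lookup cannot fall back to other keys.
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION AWS_ENV_NAME

    for _suffix in AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        # eval only ever sees the fixed prefix and suffix above, never the branch name.
        eval "_value=\${${_prefix}_${_suffix}:-}"
        if [ -z "$_value" ]; then
            # Report the variable name only; never print a credential value.
            echo "select_aws_env: ${_prefix}_${_suffix} is not set" >&2
            unset _value _region _id _secret
            return 1
        fi
        case "$_suffix" in
            AWS_REGION)            _region=$_value ;;
            AWS_ACCESS_KEY_ID)     _id=$_value ;;
            AWS_SECRET_ACCESS_KEY) _secret=$_value ;;
        esac
    done

    # Export only once all three values were found (all or nothing).
    export AWS_DEFAULT_REGION="$_region"
    export AWS_ACCESS_KEY_ID="$_id"
    export AWS_SECRET_ACCESS_KEY="$_secret"
    AWS_ENV_NAME=$_prefix
    unset _value _region _id _secret
}

# Call it in the same script or multi-line command block as the commands that
# need the credentials, since exports are gone when the next command starts:
#   select_aws_env "$CIRCLE_BRANCH" || exit 1
#   eval "$(aws ecr get-login --region "$AWS_DEFAULT_REGION")"
#   docker push docker-repo-url
```

Because the credentials are exported rather than written with aws configure, nothing is stored in a profile file and later commands in the same shell need no --profile flag.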
