Is there support for aws credential profiles? I would like to be able to use different aws credentials based on git branch name during the deployment step. It seems there is only support via the UI for adding a single set of AWS credentials.
joshwils82 since you haven’t had a reply to this, can I ask how you resolved it?
AWS CodeDeploy with CircleCI 2.0?
Right now we are just using environment variables to store the credentials and then setting up the credentials files ourselves:
mkdir ~/.aws echo -e "[default]\naws_access_key_id=$AWS_ACCESS_KEY_ID_PROD\naws_secret_access_key=$AWS_SECRET_ACCESS_KEY_PROD\n" > ~/.aws/credentials
I know its an old topic, but I’ve just had to find a work around it so I think it’s still relevant.
I found that AWS allows for multiple profiles to be added to ~/.aws/credentials so using environment variables stored in Circle, as joshwils82 suggests, I create profiles for each environment required and then run a bash script as part of the dependencies hook to append the data. Something like:
[uat] aws_access_key_id = $AWS_ACCESS_KEY_ID_UAT aws_secret_access_key = $AWS_SECRET_ACCESS_KEY_UAT [production] aws_access_key_id = $AWS_ACCESS_KEY_ID_PRODUCTION aws_secret_access_key = $AWS_SECRET_ACCESS_KEY_PRODUCTION
If you have provided a key and Id through the Circle UI, this is set as the [default] profile.
Any time I want to run aws cli I pass the --profile argument with the relevant profile. My specific requirement was to find some information about an EC2 instance during the deployment hook:
deployment: release: branch: /release-.*/ commands: - sh lib/bash/describe_instance.sh uat - bundle exec cap staging deploy
profile = "default" if [[ $1 ]]; profile = $1; fi aws ec2 --profile $profile --region eu-west-1 describe-instances