Is there support for aws credential profiles? I would like to be able to use different aws credentials based on git branch name during the deployment step. It seems there is only support via the UI for adding a single set of AWS credentials.
3 Likes
joshwils82 since you haven’t had a reply to this, can I ask how you resolved it?
Right now we are just using environment variables to store the credentials and then setting up the credentials files ourselves:
mkdir ~/.aws echo -e "[default]\naws_access_key_id=$AWS_ACCESS_KEY_ID_PROD\naws_secret_access_key=$AWS_SECRET_ACCESS_KEY_PROD\n" > ~/.aws/credentials
I know its an old topic, but I’ve just had to find a work around it so I think it’s still relevant.
I found that AWS allows for multiple profiles to be added to ~/.aws/credentials so using environment variables stored in Circle, as joshwils82 suggests, I create profiles for each environment required and then run a bash script as part of the dependencies hook to append the data. Something like:
[uat]
aws_access_key_id = $AWS_ACCESS_KEY_ID_UAT
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY_UAT
[production]
aws_access_key_id = $AWS_ACCESS_KEY_ID_PRODUCTION
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY_PRODUCTION
If you have provided a key and Id through the Circle UI, this is set as the [default] profile.
Any time I want to run aws cli I pass the --profile argument with the relevant profile. My specific requirement was to find some information about an EC2 instance during the deployment hook:
circle.yml
deployment:
release:
branch: /release-.*/
commands:
- sh lib/bash/describe_instance.sh uat
- bundle exec cap staging deploy
lib/bash/describe_instance.sh uat
profile = "default"
if [[ $1 ]]; profile = $1; fi
aws ec2 --profile $profile --region eu-west-1 describe-instances