Support for AWS Credentials Profiles


#1

Is there support for aws credential profiles? I would like to be able to use different aws credentials based on git branch name during the deployment step. It seems there is only support via the UI for adding a single set of AWS credentials.


#2

joshwils82 since you haven’t had a reply to this, can I ask how you resolved it?


AWS CodeDeploy with CircleCI 2.0?
#3

Right now we are just using environment variables to store the credentials and then setting up the credentials files ourselves:

mkdir ~/.aws echo -e "[default]\naws_access_key_id=$AWS_ACCESS_KEY_ID_PROD\naws_secret_access_key=$AWS_SECRET_ACCESS_KEY_PROD\n" > ~/.aws/credentials


#4

I know its an old topic, but I’ve just had to find a work around it so I think it’s still relevant.

I found that AWS allows for multiple profiles to be added to ~/.aws/credentials so using environment variables stored in Circle, as joshwils82 suggests, I create profiles for each environment required and then run a bash script as part of the dependencies hook to append the data. Something like:

[uat]
aws_access_key_id = $AWS_ACCESS_KEY_ID_UAT
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY_UAT
[production]
aws_access_key_id = $AWS_ACCESS_KEY_ID_PRODUCTION
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY_PRODUCTION

If you have provided a key and Id through the Circle UI, this is set as the [default] profile.

Any time I want to run aws cli I pass the --profile argument with the relevant profile. My specific requirement was to find some information about an EC2 instance during the deployment hook:

circle.yml

deployment:
    release:
        branch: /release-.*/
        commands:
            - sh lib/bash/describe_instance.sh uat
            - bundle exec cap staging deploy

lib/bash/describe_instance.sh uat

profile = "default"
if [[ $1 ]]; profile = $1; fi

aws ec2 --profile $profile --region eu-west-1 describe-instances

#5