Hello,
I’ve followed the steps at “Using OpenID Connect identity tokens to authenticate jobs with cloud providers” (CircleCI) to set up a pipeline that would use AWS OIDC to assume an AWS role.
My config looks like this:
```yaml
version: 2.1

parameters:
  target_tag:
    type: string
    default: ""

orbs:
  aws-ecr: circleci/aws-ecr@8.2.1
  aws-ecs: circleci/aws-ecs@3.2
  aws-cli: circleci/aws-cli@3.1

jobs:
  oicd-login:
    executor: aws-cli/default
    steps:
      - aws-cli/install
      # Assume the AWS role through the CircleCI OIDC connector
      - aws-cli/setup:
          role-arn: "<my role arn that uses CircleCI OIDC connector>"
          aws-region: AWS_REGION
          profile-name: "OIDC-PROFILE"
          role-session-name: "deployment-session"
          session-duration: "1800"

workflows:
  build-and-deploy:
    jobs:
      - oicd-login:
          # Context attached to the job
          context:
            - my-context
```
Now, my build and deploy, which currently contains just the oicd login job, fails with “OIDC Token cannot be found. A CircleCI context must be specified.” What am I missing here? It looks to be the same as per the tutorial, as the install step ensures the AWS CLI is available. Logs are showing that the orb would try to do the assume role bit, but it’s missing the “CIRCLE_OIDC_TOKEN” variable, which is supposed to exist?
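
A diagnostic that could run as a `run` step ahead of `aws-cli/setup` to show whether the job received `CIRCLE_OIDC_TOKEN` and, if so, which claims it carries. This is an added example, not part of the original post or of the orb; the function names and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch: is an OIDC token present, and what claims does it hold?

# Decode one base64url JWT segment (restores the stripped '=' padding).
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the claims JSON of a JWT. Returns 1 if empty, 2 if malformed.
oidc_claims() {
  [ -n "$1" ] || return 1
  case $1 in
    *.*.*.*) return 2 ;;   # more than three segments
    ?*.?*.?*) ;;           # header.payload.signature
    *) return 2 ;;
  esac
  rest=${1#*.}
  b64url_decode "${rest%%.*}" 2>/dev/null || return 2
}

# Human-readable result; never prints the raw token or its signature.
oidc_report() {
  if claims=$(oidc_claims "$1"); then
    printf 'OIDC token present; claims: %s\n' "$claims"
  else
    rc=$?
    case $rc in
      1) echo 'CIRCLE_OIDC_TOKEN is empty or unset in this job' ;;
      *) echo 'value is not a three-part JWT' ;;
    esac
    return "$rc"
  fi
}

# Constructed sample token (placeholder IDs, dummy signature) for offline runs.
SAMPLE_CLAIMS='{"aud":"ORG_ID","sub":"org/ORG_ID/project/PROJECT_ID/user/USER_ID"}'
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  printf '%s.%s.sig' "$(b64url_encode '{"alg":"none"}')" "$(b64url_encode "$SAMPLE_CLAIMS")"
}

# Demo on constructed input; in a job, pass "${CIRCLE_OIDC_TOKEN:-}" instead.
oidc_report "$(sample_token)"
oidc_report "" || true
```

The claims are only decoded for inspection; the signature is not verified here.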