Assuming an AWS Role in CI/CD
ROLE_UUID=$(uuidgen)
TMPFILE=$(mktemp) || exit 1
export aws_region=${AWS_REGION}

# Request temporary credentials; the CLI prints them as JSON on stdout.
aws sts assume-role --role-arn arn:aws:iam::0123456789:role/publisher-role --role-session-name "role_$ROLE_UUID" > "$TMPFILE"

if [ ! -s "$TMPFILE" ]; then
  echo "!!! AWS Credentials file empty !!!"
  rm -f "$TMPFILE"
  exit 1
fi

# Pull the three credential fields out of the JSON response.
export AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' "$TMPFILE")
export AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' "$TMPFILE")
export AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' "$TMPFILE")
export AWS_DEFAULT_REGION=$aws_region

# The temp file holds the secret key and session token, so remove it.
rm -f "$TMPFILE"
`aws sts assume-role` only prints the new temporary credentials as JSON; it does not export them into the environment, so we need to export the new variable values ourselves.
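An added example, not part of the original page: a POSIX shell function that does the same export without the temporary file, by asking the CLI for one tab-separated line (`--query` with `--output text`) and validating it before anything is exported. The function name `load_sts_credentials`, the variable `ASSUMED_ROLE_EXPIRATION` and the sample values are made up for this example.

```shell
# Added example, not from the original page. Call it like this in the job:
#   line=$(aws sts assume-role --output text \
#     --role-arn arn:aws:iam::0123456789:role/publisher-role \
#     --role-session-name "role_$ROLE_UUID" \
#     --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]') || exit 1
#   load_sts_credentials "$line" || exit 1

# load_sts_credentials LINE: LINE is the one tab-separated line printed by the
# command above. Exports only if every check passes; otherwise returns 1 and
# leaves the environment as it was.
load_sts_credentials() {
  _lsc_ifs=$IFS
  set -f                      # no filename expansion while splitting
  IFS=$(printf '\t')
  set -- $1                   # split LINE into $1..$n on tabs
  IFS=$_lsc_ifs
  set +f

  if [ "$#" -ne 4 ]; then
    echo "assume-role: expected 4 fields, got $#" >&2
    return 1
  fi
  for _lsc_field in "$@"; do
    # In text mode the CLI prints the literal word None for a missing value.
    if [ -z "$_lsc_field" ] || [ "$_lsc_field" = "None" ]; then
      echo "assume-role: a credential field is missing" >&2
      return 1
    fi
  done
  # Temporary STS access key IDs start with ASIA; anything else means the
  # line is not an assume-role reply.
  case $1 in
    ASIA*) ;;
    *) echo "assume-role: not a temporary access key" >&2; return 1 ;;
  esac

  export AWS_ACCESS_KEY_ID="$1"
  export AWS_SECRET_ACCESS_KEY="$2"
  export AWS_SESSION_TOKEN="$3"
  # ASSUMED_ROLE_EXPIRATION is a name chosen for this example, not an AWS one.
  export ASSUMED_ROLE_EXPIRATION="$4"
}

# Constructed sample line (not real credentials) so the block runs offline.
sample=$(printf 'ASIACONSTRUCTED00001\tconstructedSecret\tconstructedToken\t2030-01-01T00:00:00Z')
load_sts_credentials "$sample" && echo "loaded $AWS_ACCESS_KEY_ID, expires $ASSUMED_ROLE_EXPIRATION"
```

The function takes the line as an argument rather than reading it from a pipe, because the right-hand side of a pipe runs in a subshell and its exports would be lost.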