v3.1.0 - AWS Web Identity Support using CIRCLE_OIDC token
What's Changed
- feat: v3.1.0 by @brivu in https://github.com/CircleCI-Public/aws-cli-orb/pull/103
This minor version update includes the following changes:
Added Commands
assume-role-with-web-identity
- This command generates short-lived AWS keys using OpenID Connect. An IAM OIDC identity provider establishes trust between CircleCI and your AWS account when running jobs. A Web Identity based role (role-arn) that is compatible with OpenID Connect must first be created in AWS IAM.
Added Features
- The setup command now includes the assume-role-with-web-identity command. The setup command installs the AWS CLI and runs the assume-role-with-web-identity command if the role-session-id and role-arn parameters are passed. If not, a profile is configured with the AWS_SECRET_KEY_ID and AWS_SECRET_ACCESS_KEY that are passed as environment variables.
Added Parameters
The assume-role-with-web-identity command has the following parameters:
- role-arn: The Amazon Resource Name (ARN) of the role that the caller is assuming. Role ARN must be configured for web identity in this command.
- role-session-name: An identifier for the assumed role session. It must be less than 64 characters.
- session-duration: The duration of the session in seconds. It defaults to 3600 seconds (1 hour).
- profile-name: The profile name to be configured with Web Identity.
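
What the web identity path amounts to in raw AWS CLI calls, using the four parameters listed above. This is an added example, not the orb's own script: the function names are hypothetical, and the 900-second minimum and the session-name character set are AWS STS limits rather than values from this release.

```shell
#!/bin/sh
# Added example, not the orb's script. Function names are hypothetical.

# Reject bad inputs before any call to AWS.
validate_inputs() (
  role_arn=$1; session_name=$2; duration=$3
  printf '%s\n' "$role_arn" | grep -Eq '^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$' ||
    { echo "role-arn must be an IAM role ARN" >&2; exit 1; }
  # The release notes require fewer than 64 characters; the character set is the STS one.
  printf '%s\n' "$session_name" | grep -Eq '^[A-Za-z0-9_+=,.@-]{2,63}$' ||
    { echo "role-session-name must be 2-63 chars of [A-Za-z0-9_+=,.@-]" >&2; exit 1; }
  # STS accepts no session shorter than 900 seconds.
  { printf '%s\n' "$duration" | grep -Eq '^[0-9]+$' && [ "$duration" -ge 900 ]; } ||
    { echo "session-duration must be an integer >= 900" >&2; exit 1; }
)

# Exchange $CIRCLE_OIDC_TOKEN for temporary keys and store them in a profile.
assume_role_with_web_identity() (
  role_arn=$1; session_name=$2; profile=$3; duration=${4:-3600}
  validate_inputs "$role_arn" "$session_name" "$duration" || exit 1
  [ -n "${CIRCLE_OIDC_TOKEN:-}" ] ||
    { echo "CIRCLE_OIDC_TOKEN is not set" >&2; exit 1; }
  creds=$(aws sts assume-role-with-web-identity \
    --role-arn "$role_arn" \
    --role-session-name "$session_name" \
    --web-identity-token "$CIRCLE_OIDC_TOKEN" \
    --duration-seconds "$duration" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || exit 1
  # --output text yields one tab-separated line: key id, secret, session token.
  read -r key_id secret token <<EOF
$creds
EOF
  [ -n "$token" ] || { echo "STS returned no session token" >&2; exit 1; }
  # All three values are needed; temporary keys fail without the session token.
  aws configure set aws_access_key_id "$key_id" --profile "$profile" &&
  aws configure set aws_secret_access_key "$secret" --profile "$profile" &&
  aws configure set aws_session_token "$token" --profile "$profile"
)

# Usage: assume_role_with_web_identity ROLE_ARN SESSION_NAME PROFILE [DURATION]
```

The keys written to the profile stop working when the session duration elapses, so nothing long-lived is left in the job environment.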
Usage Example
description: |
  Setup the AWS CLI and configure with Web Identity.
  Assume roles on AWS without storing keys on CircleCI and utilize short-term credentials instead.
  For more information, see the CircleCI OIDC docs: https://circleci.com/docs/2.0/openid-connect-tokens
usage:
  version: 2.1
  orbs:
    aws-cli: circleci/aws-cli@3.1
  jobs:
    aws-cli-example:
      executor: aws-cli/default
      steps:
        - checkout
        - aws-cli/setup:
            profile-name: WEB IDENTITY PROFILE
            role-arn: arn:aws:iam::123456789012:role/WEB-IDENTITY-ROLE
            role-session-name: example-session
        - run: echo "Run your code here"
  workflows:
    aws-cli:
      jobs:
        - aws-cli-example:
            context: aws
Full Changelog: v3.0.0...v3.1.0