Skip to content

Frogvall/aws-deployer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
aws-deployer-docker
aws-deployer-docker
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
assume.sh
assume.sh
 
 
entrypoint.sh
entrypoint.sh
 
 

Repository files navigation

Docker status

AWS Deployer Docker Image

This repository contains Docker image for running AWS cli commands that assumes a IAM role baked into one cli command. They can be useful for deploying AWS CloudFormation templates in e.g. a build server where the build server need to assume some other role to deploy.

How to use

Displaying help.

> docker run -it scaniadevtools/aws-deployer --help
  assume [-h|--help] [-v|--version] -a|--account <aws account number> [-r|--role <IAM role>] [-p|--profile <aws cli profile name>] []

  Assumes a role in the specified AWS account and creates temporary credentials in the named profile.
    -h|--help      prints this help
    -v|--version   prints the current version of this script
    -a|--account   the AWS account number to deploy to. (mandatory)
    -r|--role      the IAM role to assume
    -p|--profile   the name of the resulting aws cli profile to use

Displaying script version.

> docker run -it scaniadevtools/aws-deployer --version
  assume version 1.0.0

Assuming an AWS role. (Main use case)

In this example the command:

assume --account 123456789012 --profile assumed-profile

is used in a Gitlab .gitlab-ci.yml file for CI/CD. The Gitlab project contains an AWS CloudFormation template named cloudformation-template.yml that is validated in the AWS account 123456789012 by assuming the arn:aws:iam::123456789012:role/DeployRole role that exist in the specified AWS account and have cloudformation:ValidateTemplate permissions. The temporary credentials resulting from the assume command are stored in an AWS profile named assumed-profile.

.gitlab-ci.yml:

image: scaniadevtools/docker-aws-deployer

stages:
  - validate-template 

validate-template-in-account-123456789012: 
  stage: validate-template

  before_script:
    - assume --account 123456789012 --profile assumed-profile
  script:
    - aws cloudformation validate-template --template-body file://cloudformation-template.yml --region eu-west-1 --profile assumed-profile

The account number (123456789012 in this example) can be located in the AWS console when logged into the account by selecting "Support"->"Support Center" in the menu.

Start a bash session inside the container.

Starting a bash session in the container can be useful for debugging purposes.

   > docker run -it scaniadevtools/aws-deployer bash
   bash-4.3#

Links

Docker image on Dockerhub

Happy Hacking

Scania Devtools Team

Want to contribute?

Go to the CONTRIBUTING page.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages