The WithAwsPlugin currently only supports specifying the role (ARN) parameter for the underlying withAws pipeline step.
This results in credentials that are only valid for 1 hour, and problematic issues with long-running operations like creating RDS read instances... at worst, if using S3 remote state, a single operation that takes longer than an hour results in the credentials expiring and not being able to update the state file. This means the state file is out of sync, and may result in orphaned resources.
The simple fix here would be to allow withRole to take an optional integer duration parameter which is passed on to withAws(). Even better would be to allow withRole to accept any additional parameters (e.g. externalId, roleSessionName, etc.) that withAws() accepts, and pass them through to the underlying withAws() call.
(Opening this issue for a colleague, I didn't experience it myself.)
jantman added a commit to jantman/terraform-pipeline that referenced this issue on Nov 1, 2022
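A sketch of the pass-through requested above, as an added example that is not terraform-pipeline's own code: it builds the argument map for the `withAws()` step from a role ARN plus the optional parameters the issue names, rejecting unknown keys and out-of-range durations before the step is called. The class and method names are hypothetical, the ARN is constructed, and the 900 to 43200 second bounds are the STS AssumeRole limits (the role's own maximum session duration must also allow the requested value).

```groovy
// Added example: WithAwsArgs and build() are hypothetical names,
// not part of terraform-pipeline or the AWS steps plugin.
class WithAwsArgs {
    // Optional parameters the issue names as candidates for pass-through.
    static final Set<String> PASS_THROUGH = ['duration', 'externalId', 'roleSessionName'] as Set
    // STS AssumeRole accepts 900..43200 seconds; the role's own
    // maximum session duration caps the value further.
    static final int MIN_SECONDS = 900
    static final int MAX_SECONDS = 43200

    static Map build(String roleArn, Map extra = [:]) {
        if (!roleArn) {
            throw new IllegalArgumentException('role ARN is required')
        }
        // Fail on typos instead of silently dropping an option such as externalId.
        def unknown = extra.keySet() - PASS_THROUGH
        if (unknown) {
            throw new IllegalArgumentException("unsupported option(s): ${unknown}")
        }
        Map args = [role: roleArn]
        if (extra.containsKey('duration')) {
            def d = extra.duration
            if (!(d instanceof Integer) || d < MIN_SECONDS || d > MAX_SECONDS) {
                throw new IllegalArgumentException(
                    "duration must be an integer in ${MIN_SECONDS}..${MAX_SECONDS} seconds")
            }
            args.duration = d
        }
        ['externalId', 'roleSessionName'].each { k ->
            if (extra[k]) { args[k] = extra[k].toString() }
        }
        return args
    }
}

// Constructed sample values: a two-hour session for a long-running apply.
def args = WithAwsArgs.build(
    'arn:aws:iam::123456789012:role/example-terraform',
    [duration: 7200, roleSessionName: 'terraform-apply'])
assert args == [role: 'arn:aws:iam::123456789012:role/example-terraform',
                duration: 7200, roleSessionName: 'terraform-apply']

// With no extras the map holds only the role, which is today's behaviour.
assert WithAwsArgs.build('arn:aws:iam::123456789012:role/example-terraform').keySet() == ['role'] as Set
// In a pipeline the resulting map would be handed to the withAws() step.
```

Requests above one hour also fail at STS when the role is assumed through role chaining, so a longer `duration` only helps when the role is assumed directly.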