buildspec_publish_ssm.yml
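# CodeBuild buildspec: runs scripts/publish.sh to publish SSM parameters, then
# re-runs it in verify mode under a role assumed via STS (see comments below).
version: 0.2

phases:
  install:
    runtime-versions:
      golang: 1.13
      python: 3.x
  pre_build:
    commands:
      - echo Publish SSM parameters
  build:
    commands:
      # Enforce STS regional endpoints
      - export AWS_STS_REGIONAL_ENDPOINTS=regional
      - './scripts/publish.sh cicd-publish-ssm "${AWS_REGION}"'
      # Assume role to verify, get the credentials, and set them as environment variables.
      # Verification should be done using the credentials from a different account. It ensures that
      # the ssm parameters we published are public and accessible from any account.
      #
      # The assignment is kept separate from `export`: `export VAR=$(cmd)` returns the status of
      # `export`, which hides a failure of `cmd`. A plain `VAR=$(cmd)` returns the status of `cmd`.
      - 'CREDS=$(aws sts assume-role --role-arn "${VERIFY_ROLE_ARN}" --role-session-name "${AWS_REGION}" --region "${AWS_REGION}")'
      # `jq -e` exits non-zero when the selected field is missing or null, so a malformed response
      # fails the command instead of yielding the literal string "null" as a credential.
      - 'AWS_ACCESS_KEY_ID=$(echo "$CREDS" | jq -er .Credentials.AccessKeyId)'
      - 'AWS_SECRET_ACCESS_KEY=$(echo "$CREDS" | jq -er .Credentials.SecretAccessKey)'
      - 'AWS_SESSION_TOKEN=$(echo "$CREDS" | jq -er .Credentials.SessionToken)'
      # Export all three together, only after every field parsed, so the environment never holds
      # a partial credential set. Drop the raw STS response once it is no longer needed.
      - export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
      - unset CREDS
      # NOTE(review): from here on the shell carries the assumed-role credentials; any command
      # added after this point runs as the verify role, not the build role.
      - './scripts/publish.sh cicd-verify-ssm "${AWS_REGION}"'

artifacts:
  files:
    # Uploads every file in the workspace. The commands listed above keep the temporary
    # credentials in shell variables only; do not write them to a file under the source tree.
    - '**/*'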