Add initial config profile writer sample #557
Conversation
| function exportCredentialsToConfig(profile, params) { | ||
| const awsConfigFile = "~/.aws/config"; | ||
| if (fs.existsSync(awsConfigFile)) { | ||
| var config = ini.parse(fs.readFileSync(awsConfigFile, "utf-8")); | ||
| } else { | ||
| var config = {}; | ||
| } | ||
|
|
||
| // Initialize the configuration object | ||
| const profileName = `profile ${profile}`; | ||
| config[profileName] = {}; | ||
|
|
||
| // Configure the AWS CLI and AWS SDKs using environment variables and set them as secrets. | ||
| // Setting the credentials as secrets masks them in Github Actions logs | ||
| const { webIdentityTokenFile, roleArn, regionName } = params; | ||
|
|
||
| // web_identity_token_file: | ||
| // Specifies a web identity token file location | ||
| config[profileName].web_identity_token_file = webIdentityTokenFile; | ||
|
|
||
| // role_arn: | ||
| // Specifies the role to assume by this profile | ||
| config[profileName].role_arn = roleArn; | ||
|
|
||
| // region: | ||
| // Specifies the region for this profile | ||
| config[profileName].region = regionName; | ||
|
|
||
| fs.writeFileSync(awsConfigFile, ini.stringify(config)); | ||
| } | ||
|
|
There was a problem hiding this comment.
So you don't need a credentials file? Only a config file will suffice?
There was a problem hiding this comment.
The config needs to point to a webIdentityToken file, which is already supported. We just need to point to it from multiple profiles.
|
Hi @pecigonzalo, I was just about to create a new PR to support this workflow. I understand you want to include the feature to save the assumed credentials in the In my use case I need the following step because a tool within the workflow requires to load the config from the - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.AWS_ROLE }}
role-session-name: session-role
- name: Set AWS Credentials file
run: |
[[ ! -d "${HOME}/.aws" ]] && mkdir ${HOME}/.aws
echo "[profile ${{ env.ENV }}]" >> ${HOME}/.aws/config && \
echo "aws_access_key_id=${{ env.AWS_ACCESS_KEY_ID }}" >> ${HOME}/.aws/config && \
echo "aws_secret_access_key=${{ env.AWS_SECRET_ACCESS_KEY }}" >> ${HOME}/.aws/config && \
echo "aws_session_token=${{ env.AWS_SESSION_TOKEN }}" >> ${HOME}/.aws/configThanks! |
|
@jfagoagas Being able to set a custom path for the .aws directory would also be great. As an example with this action you need .aws to be in the action workspace, since ~/.aws isn't mounted to the image: |
|
@bconnorwhite totally agree, it would be great! |
|
Agree with all comments and features, I opened this to confirm the approach with the contributors in the linked issue. If they are happy with it, I'll gladly support the use cases you highlighted |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| const nameTruncated = nameWithoutSpecialCharacters.slice(0, MAX_TAG_VALUE_LENGTH) | ||
| return nameTruncated | ||
| const nameWithoutSpecialCharacters = name.replace( | ||
| /[^\p{L}\p{Z}\p{N}_:/=+.-@-]/gu, |
Check warning
Code scanning / CodeQL
Overly permissive regular expression range
|
Closing in favor of #633 |
Issue #: #112
Description of changes: Add support to store multiple profiles in config
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
I don't know what format this repo uses, VSCode by default formats like this.