
@lawliet89
Created September 11, 2022 00:50
TFC Workload Identity for AWS Hooks
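#!/bin/bash
#
# Terraform Cloud agent hook: prepares AWS web-identity (OIDC) authentication
# for the run by writing the workload identity token to disk and pointing the
# default AWS profile at it.
# NOTE(review): presumably installed as the agent's pre-apply hook, since it
# prefers TFC_AWS_APPLY_ROLE_ARN; confirm against the agent image.
#
# Environment:
#   TFC_AWS_APPLY_ROLE_ARN       role to assume (preferred when set)
#   TFC_AWS_RUN_ROLE_ARN         fallback role to assume
#   TFC_WORKLOAD_IDENTITY_TOKEN  token written to the token file
#   TFC_RUN_ID                   used as the role session name
set -euo pipefail

token_file=/.aws-workload/token-file

if [[ -z "${TFC_AWS_APPLY_ROLE_ARN+x}" && -z "${TFC_AWS_RUN_ROLE_ARN+x}" ]]; then
  echo "Skipping this script because both env vars are missing and unset"
else
  # Nested defaults avoid toggling `set -u` off around the lookup.
  ROLE_ARN="${TFC_AWS_APPLY_ROLE_ARN:-${TFC_AWS_RUN_ROLE_ARN:-}}"

  # A variable that is set but empty would otherwise produce `role_arn=` in the
  # profile; fail here instead of writing a config that cannot work.
  if [[ -z "${ROLE_ARN}" ]]; then
    echo "TFC_AWS_APPLY_ROLE_ARN / TFC_AWS_RUN_ROLE_ARN are set but empty" >&2
    exit 1
  fi

  # Validate every input before touching files, so a missing value cannot
  # leave the previous token removed and nothing written in its place.
  : "${TFC_WORKLOAD_IDENTITY_TOKEN:?TFC_WORKLOAD_IDENTITY_TOKEN must be set}"
  : "${TFC_RUN_ID:?TFC_RUN_ID must be set}"

  echo "Preparing AWS provider auth..."

  # The identity token is a bearer credential: create it (and the AWS config)
  # readable by the owning user only.
  # NOTE(review): assumes Terraform runs as the same user as this hook; confirm
  # before relying on owner-only permissions.
  umask 077

  # Remove any previous identity token so the new file is created with the
  # restrictive mode above rather than inheriting the old file's mode.
  # Assumes /.aws-workload already exists and is writable by this user.
  rm -f -- "${token_file}"
  printf '%s\n' "${TFC_WORKLOAD_IDENTITY_TOKEN}" > "${token_file}"

  # -p: a reused agent may already have ~/.aws; plain mkdir would abort the
  # hook under `set -e`.
  mkdir -p ~/.aws
  rm -f ~/.aws/config
  {
    echo "[default]"
    echo "role_arn=${ROLE_ARN}"
    echo "web_identity_token_file=${token_file}"
    echo "role_session_name=${TFC_RUN_ID}"
  } > ~/.aws/config

  echo "AWS provider auth prepared"
fi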
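#!/bin/bash
#
# Terraform Cloud agent hook: prepares AWS web-identity (OIDC) authentication
# for the run by writing the workload identity token to disk and pointing the
# default AWS profile at it.
# NOTE(review): presumably installed as the agent's pre-plan hook, since it
# prefers TFC_AWS_PLAN_ROLE_ARN; confirm against the agent image.
#
# Environment:
#   TFC_AWS_PLAN_ROLE_ARN        role to assume (preferred when set)
#   TFC_AWS_RUN_ROLE_ARN         fallback role to assume
#   TFC_WORKLOAD_IDENTITY_TOKEN  token written to the token file
#   TFC_RUN_ID                   used as the role session name
set -euo pipefail

token_file=/.aws-workload/token-file

if [[ -z "${TFC_AWS_PLAN_ROLE_ARN+x}" && -z "${TFC_AWS_RUN_ROLE_ARN+x}" ]]; then
  echo "Skipping this script because both env vars are missing and unset"
else
  # Nested defaults avoid toggling `set -u` off around the lookup.
  ROLE_ARN="${TFC_AWS_PLAN_ROLE_ARN:-${TFC_AWS_RUN_ROLE_ARN:-}}"

  # A variable that is set but empty would otherwise produce `role_arn=` in the
  # profile; fail here instead of writing a config that cannot work.
  if [[ -z "${ROLE_ARN}" ]]; then
    echo "TFC_AWS_PLAN_ROLE_ARN / TFC_AWS_RUN_ROLE_ARN are set but empty" >&2
    exit 1
  fi

  # Validate every input before touching files, so a missing value cannot
  # leave the previous token removed and nothing written in its place.
  : "${TFC_WORKLOAD_IDENTITY_TOKEN:?TFC_WORKLOAD_IDENTITY_TOKEN must be set}"
  : "${TFC_RUN_ID:?TFC_RUN_ID must be set}"

  echo "Preparing AWS provider auth..."

  # The identity token is a bearer credential: create it (and the AWS config)
  # readable by the owning user only.
  # NOTE(review): assumes Terraform runs as the same user as this hook; confirm
  # before relying on owner-only permissions.
  umask 077

  # Remove any previous identity token so the new file is created with the
  # restrictive mode above rather than inheriting the old file's mode.
  # Assumes /.aws-workload already exists and is writable by this user.
  rm -f -- "${token_file}"
  printf '%s\n' "${TFC_WORKLOAD_IDENTITY_TOKEN}" > "${token_file}"

  # -p: a reused agent may already have ~/.aws; plain mkdir would abort the
  # hook under `set -e`.
  mkdir -p ~/.aws
  rm -f ~/.aws/config
  {
    echo "[default]"
    echo "role_arn=${ROLE_ARN}"
    echo "web_identity_token_file=${token_file}"
    echo "role_session_name=${TFC_RUN_ID}"
  } > ~/.aws/config

  echo "AWS provider auth prepared"
fi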