Merge pull request #3 from Orange-OpenSource/bugfix/cicd_assume_role_…

…variabilisiation Variabilise CICD account ID and role name to be used in get sts tocke…
Orange-OpenSource · Jul 3, 2023 · b61d7bb · b61d7bb
2 parents f57fdb2 + 98df0dd
commit b61d7bb
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/automation/jinja2/templates/.env.dist.j2 b/automation/jinja2/templates/.env.dist.j2
@@ -36,6 +36,10 @@ CICD_RUNNER_TAGS={{ CICD_RUNNER_TAGS | join(',') }}
 {% if CICD_ROLE_NAME %}
 CICD_ROLE_NAME={{ CICD_ROLE_NAME }}
 
+{% endif %}
+{% if CICD_ACCOUNT_ID %}
+CICD_ACCOUNT_ID={{ CICD_ACCOUNT_ID }}
+
 {% endif %}
 ########################################################################################################################
 # Docker Compose image tags to use

diff --git a/automation/jinja2/templates/.gitlab-ci.yml.j2 b/automation/jinja2/templates/.gitlab-ci.yml.j2
@@ -66,7 +66,7 @@ stages:
   script: |
     #!/usr/bin/env bash
     echo "Getting temporary credentials associated to assume role"
-    STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::903534291474:role/XXXXXX-CiCd-CrossAccountRole --role-session-name ${CI_COMMIT_SHA})
+    STS_CREDS=$(aws sts assume-role --role-arn arn:aws:iam::{{ environ('CICD_ACCOUNT_ID') }}:role/{{ environ('CICD_ROLE_NAME') }} --role-session-name ${CI_COMMIT_SHA})
     AWS_ACCESS_KEY_ID=$(echo $STS_CREDS | jq -r '.Credentials.AccessKeyId')
     AWS_SECRET_ACCESS_KEY=$(echo $STS_CREDS | jq -r '.Credentials.SecretAccessKey')
     AWS_SESSION_TOKEN=$(echo $STS_CREDS | jq -r '.Credentials.SessionToken')

diff --git a/configure.yaml.dist b/configure.yaml.dist
@@ -58,6 +58,7 @@ GITLAB_JOBS:
     delete_all: True
 
 CICD_ROLE_NAME: XXXXXX-CiCd-CrossAccountRole
+CICD_ACCOUNT_ID: 123546789123
 
 # Run Terraform apply only on main branch
 TF_APPLY_ONLY_MAIN: True