Commit 02564fe

Switch build-ami action to OIDC (#737)
With hiterative/itops#890 we switched terraform project name from cml to `packer-infra` to be used also for Studio-Selfhosted packer builds. Additionally, I made a role to cooperate with OIDC.

Co-authored-by: Marcin Jasion <mjasion@users.noreply.github.com>
1 parent 4a4c75e commit 02564fe

2 files changed

+9
-15
lines changed

.github/workflows/build-ami.yml

Lines changed: 8 additions & 4 deletions
@@ -2,15 +2,19 @@ name: build-ami
22
on:
33
push:
44
branches: [main]
5-
paths: [environment/**]
5+
paths:
6+
- environment/**
7+
- .github/workflows/build-ami.yml
68
jobs:
79
build-ami:
10+
environment: aws
811
runs-on: ubuntu-latest
912
steps:
1013
- uses: actions/checkout@v3
14+
- uses: aws-actions/configure-aws-credentials@v1
15+
with:
16+
aws-region: us-east-2
17+
role-to-assume: arn:aws:iam::260760892802:role/cml-terraform-provider
1118
- run: |
1219
packer init environment
1320
packer build environment
14-
env:
15-
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
16-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
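
Review bot: the new `aws-actions/configure-aws-credentials@v1` step depends on GitHub's OIDC token, but no `permissions:` block appears in the visible part of the `build-ami` job, and the action can only request that token when the job or workflow grants `id-token: write`. If it is not set elsewhere in the file, add `permissions:` with `id-token: write` and `contents: read` to the job. Because the job now declares `environment: aws`, the trust policy on `cml-terraform-provider` should also condition on the token's `sub` claim for this repository and that environment, so no other repository or job can assume the role. Pinning the action to a full commit SHA instead of the movable `v1` tag would harden the step further.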

environment/ami.pkr.hcl

Lines changed: 1 addition & 11 deletions
@@ -19,10 +19,8 @@ variables {
1919
}
2020

2121
variables {
22-
aws_role_session_name = "cml-packer-session"
23-
aws_role_arn = "arn:aws:iam::260760892802:role/cml-packer"
2422
aws_subnet_id = "subnet-09fca08419c2f0575"
25-
aws_security_group_id = "sg-0b7df7d9f902ca7ec"
23+
aws_security_group_id = "sg-03ff7b083bdc991e5"
2624
}
2725

2826
locals {
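
Review bot: `aws_security_group_id` is swapped for another hard-coded ID (`sg-03ff7b083bdc991e5`) next to the hard-coded `aws_subnet_id`, so any re-creation of the underlying network resources needs a follow-up commit here and the diff gives no hint which project owns the new group. Consider resolving both with Packer's `subnet_filter` and `security_group_filter` on tags, or passing them in as variables from the workflow, and add a short comment naming the Terraform project that manages them.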
@@ -68,10 +66,6 @@ data "amazon-ami" "ubuntu" {
6866
virtualization-type = "hvm"
6967
}
7068

71-
assume_role {
72-
role_arn = var.aws_role_arn
73-
session_name = var.aws_role_session_name
74-
}
7569
}
7670

7771
source "amazon-ebs" "source" {
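
Review bot: removing `session_name = var.aws_role_session_name` from the `amazon-ami` data source drops the fixed `cml-packer-session` name, so CloudTrail entries for the AMI lookup are now attributed to whatever session name the workflow step sets. Consider setting `role-session-name` on the `configure-aws-credentials` step so Packer activity stays easy to filter in audit logs.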
@@ -96,10 +90,6 @@ source "amazon-ebs" "source" {
9690
run_tags = local.aws_tags
9791
run_volume_tags = local.aws_tags
9892

99-
assume_role {
100-
role_arn = var.aws_role_arn
101-
session_name = var.aws_role_session_name
102-
}
10393
}
10494

10595
build {
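
Review bot: with the `assume_role` block gone from `source "amazon-ebs" "source"`, the build runs with whatever credentials are present in the environment, which in CI is `cml-terraform-provider` from the workflow rather than the dedicated `cml-packer` role. Confirm that role is scoped to the EC2 permissions Packer needs and not the full set a Terraform provider role would carry, and add a comment above the source block or a README note that builds run outside CI must now supply their own credentials.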
