
Cloud Credentials

AWS - CodeArtifact

This page explains how to use AWS CodeArtifact with ShamanOps.

Pre-requisites

1. Add the following variables as secrets in your CI platform:

AWS_ACCESS_KEY_ID *
This value specifies an AWS access key associated with an IAM user or role. It is required to connect to Amazon Keyspaces programmatically.

AWS_REGION *
The AWS SDK compatible environment variable that specifies the AWS Region to send the request to.

AWS_SECRET_ACCESS_KEY *
This value specifies the secret key associated with the access key. This is essentially the "password" for the access key.

Usage

1. In the github-ci.yaml file, search for the secrets: section. It looks like this:

#-------------------------------------------------------------------------------------------------#
secrets:

2. Below the section title, add the following configuration:

      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

3. Add to your Dockerfile the steps needed to use these keys and the token at build time. If you don't know how, here is an example:

# Stage 1: generate the CodeArtifact authorization token with the AWS CLI.
# The ARG values are visible to RUN as environment variables, which is how the CLI reads the credentials.
FROM docker.io/amazon/aws-cli:latest AS awscli
ARG AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION
RUN aws codeartifact get-authorization-token \
    --domain <your-domain> \
    --domain-owner <your-domain-owner-number> \
    --region "$AWS_REGION" \
    --query authorizationToken --output text > /tmp/aws-token

# Stage 2: use the generated token at build time.
# The token is read from the copied file into CODEARTIFACT_AUTH_TOKEN for this RUN step only.
FROM docker.io/library/fedora:latest
COPY --from=awscli /tmp/aws-token /tmp/aws-token
RUN export CODEARTIFACT_AUTH_TOKEN="$(cat /tmp/aws-token)"; echo "$CODEARTIFACT_AUTH_TOKEN" > /tmp/aws-token-from-variable

4. Commit and enjoy! ✨
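
The Dockerfile in step 3 passes the access keys as build arguments and copies the token file into the final image, where it stays in an image layer. The variant below is an added example, not ShamanOps' own code: it reads the keys from BuildKit secret mounts and bind-mounts the token only for the step that needs it. It assumes your pipeline builds with BuildKit and can supply build secrets; the secret ids `aws_access_key_id` and `aws_secret_access_key` are names chosen for this example.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (assumption: the build is invoked with BuildKit secrets), e.g.:
#   docker build \
#     --secret id=aws_access_key_id,env=AWS_ACCESS_KEY_ID \
#     --secret id=aws_secret_access_key,env=AWS_SECRET_ACCESS_KEY \
#     --build-arg AWS_REGION="$AWS_REGION" .

# Stage 1: generate the token. The keys are mounted under /run/secrets only
# for this RUN step and are never stored as ARG values or in a layer.
FROM docker.io/amazon/aws-cli:latest AS awscli
# The region is not sensitive, so it can remain a build argument.
ARG AWS_REGION
RUN --mount=type=secret,id=aws_access_key_id \
    --mount=type=secret,id=aws_secret_access_key \
    AWS_ACCESS_KEY_ID="$(cat /run/secrets/aws_access_key_id)" \
    AWS_SECRET_ACCESS_KEY="$(cat /run/secrets/aws_secret_access_key)" \
    aws codeartifact get-authorization-token \
      --domain <your-domain> \
      --domain-owner <your-domain-owner-number> \
      --region "$AWS_REGION" \
      --query authorizationToken --output text > /tmp/aws-token

# Stage 2: the token file is bind-mounted from stage 1 instead of copied,
# so it exists only while this RUN step executes and is not part of the
# final image. "test -n" fails the build early if the token is empty.
FROM docker.io/library/fedora:latest
RUN --mount=type=bind,from=awscli,source=/tmp/aws-token,target=/run/aws-token \
    export CODEARTIFACT_AUTH_TOKEN="$(cat /run/aws-token)" && \
    test -n "$CODEARTIFACT_AUTH_TOKEN"
    # Append your package manager command to the same RUN step (with "&& \")
    # so it runs while CODEARTIFACT_AUTH_TOKEN is still set.
```

The token is still written to a layer of the intermediate `awscli` stage, so keep that stage out of any registry and build cache you share.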