Skip to content

Buildkite plugin to unset IAM role environment variables after running command

License

Notifications You must be signed in to change notification settings

franklin-ross/aws-restore-role-buildkite-plugin

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 

Repository files navigation

AWS Restore Role Buildkite Plugin

A Buildkite plugin to unset IAM Role environment variables after running the build command.

This is essentially the inverse of the AWS Assume Role Plugin, resetting the environment back to the default role for the build agent.

This plugin should come early (probably first) in your plugin list due to Buildkite's decision to run pre-command hooks and post-command hooks in the same order. Remember that assuming a role happens before the command and restoring a role happens after the command.

Example

steps:
  - command: bin/ci-aws-thing
    plugins:
      - franklin-ross/aws-restore-role#HEAD: ~
      # Without aws-restore-role, this plugin would use the default agent role
      # in the pre-command hook and the example-role in the post-command hook.
      - plugin-that-uses-aws-roles: ~
      - cultureamp/aws-assume-role#v0.1.0:
          role: "arn:aws:iam::123456789012:role/example-role"

About

Buildkite plugin to unset IAM role environment variables after running command

Topics

Resources

License

Stars

Watchers

Forks

Languages