From 96724efbc5ebdd8ce7413932d6e0bb688626823d Mon Sep 17 00:00:00 2001 From: "brian.johnston" Date: Wed, 5 Mar 2025 09:28:31 +0000 Subject: [PATCH 1/3] terragrunt-config-export --- .../workflows/terragrunt-config-export.yml | 38 ++++ terragrunt-config-export/.gitignore | 1 + terragrunt-config-export/Dockerfile | 12 ++ terragrunt-config-export/README.md | 82 ++++++++ terragrunt-config-export/main.py | 185 ++++++++++++++++++ terragrunt-config-export/pipe.yml | 39 ++++ terragrunt-config-export/requirements.txt | 2 + 7 files changed, 359 insertions(+) create mode 100644 .github/workflows/terragrunt-config-export.yml create mode 100644 terragrunt-config-export/.gitignore create mode 100644 terragrunt-config-export/Dockerfile create mode 100644 terragrunt-config-export/README.md create mode 100644 terragrunt-config-export/main.py create mode 100644 terragrunt-config-export/pipe.yml create mode 100644 terragrunt-config-export/requirements.txt diff --git a/.github/workflows/terragrunt-config-export.yml b/.github/workflows/terragrunt-config-export.yml new file mode 100644 index 0000000..8b2fc7d --- /dev/null +++ b/.github/workflows/terragrunt-config-export.yml @@ -0,0 +1,38 @@ +name: Terragrunt Config Export + +on: + push: + branches: + - master + paths: + - 'terragrunt-config-export/**' + pull_request: + branches: + - '*' + paths: + - 'terragrunt-config-export/**' + +jobs: + build-and-push-docker: + runs-on: ubuntu-latest + if: github.ref == 'refs/heads/master' + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: terragrunt-config-export + file: terragrunt-config-export/Dockerfile + push: true + tags: sykescottages/bitbucket-pipes:terragrunt-config-export \ No newline at end of file diff --git a/terragrunt-config-export/.gitignore b/terragrunt-config-export/.gitignore new file mode 100644 index 0000000..723ef36 --- /dev/null +++ b/terragrunt-config-export/.gitignore @@ -0,0 +1 @@ +.idea \ No newline at end of file diff --git a/terragrunt-config-export/Dockerfile b/terragrunt-config-export/Dockerfile new file mode 100644 index 0000000..f45c9b0 --- /dev/null +++ b/terragrunt-config-export/Dockerfile @@ -0,0 +1,12 @@ +FROM python:3.9-slim + +WORKDIR /app + +COPY requirements.txt . +RUN pip install --no-cache-dir -r requirements.txt + +COPY main.py . + +RUN chmod +x main.py + +ENTRYPOINT ["python", "/app/main.py"] \ No newline at end of file diff --git a/terragrunt-config-export/README.md b/terragrunt-config-export/README.md new file mode 100644 index 0000000..53b69ce --- /dev/null +++ b/terragrunt-config-export/README.md @@ -0,0 +1,82 @@ +# Bitbucket Pipe: Terragrunt config export + +This pipe retrieves all the config needed to pass into a helm chart to deploy the sandbox environments. +## YAML Definition + +Add the following to your `bitbucket-pipelines.yml` file: + +```yaml +- pipe: + variables: + ECS_CLUSTER: 'my-ecs-cluster' + ECS_SERVICE: 'my-ecs-service' + # Optional variables + EXTRA_ENV: #Extra env vars to include in the config + BASE_URL: example.com + ENDPOINTS: ['authenticate'] + IAM_ROLE: 'arn:aws:iam::account-id:role/role-name' + AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' + AWS_PROFILE: 'staging' + OUTPUT_FILE: 'values.yml' + AWS_REGION: 'eu-west-1' +``` + +## Variables + +| Variable | Usage | Required | +| -------- |---------------------------------------------| -------- | +| ECS_CLUSTER | Name of the ECS cluster | Yes | +| ECS_SERVICE | Name of the ECS service | Yes | +| EXTRA_ENV | Extra environment vars for the sevice | No | +| ENDPOINTS | Endpoints for the target groups | No | +| IAM_ROLE | IAM role for the service to use | No | +| AWS_ROLE_ARN | ARN of IAM role to assume to get the config | No | +| AWS_PROFILE | Profile to use to get the config | No | +| OUTPUT_FILE | File to write the config to | No | +| AWS_REGION | AWS region | No | + +## Examples + +### Basic Usage + +```yaml +- pipe: your-docker-registry/ecs-container-definitions-pipe:latest + variables: + ECS_CLUSTER: 'my-ecs-cluster' + ECS_SERVICE: 'my-ecs-service' + AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' +``` + +### Write output to a file and use in subsequent steps + +```yaml +- step: + name: Extract ECS Configuration + script: + - pipe: your-docker-registry/ecs-container-definitions-pipe:latest + variables: + ECS_CLUSTER: 'my-ecs-cluster' + ECS_SERVICE: 'my-ecs-service' + AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' + OUTPUT_FILE: 'values.yml' + - cat values.yml.json +``` + +## Development + +To build and test this pipe locally: + +1. Build the Docker image: + ```bash + docker build -t terragrunt-config-export . + ``` + +2. Run the pipe locally: + ```bash + docker run \ + -v ~/.aws:/root/.aws \ + -e ECS_CLUSTER="ew1-s-hyperion" \ + -e ECS_SERVICE="ew1-s-hyperion-webapp" \ + -e AWS_PROFILE="staging" \ + terragrunt-config-export + ``` \ No newline at end of file diff --git a/terragrunt-config-export/main.py b/terragrunt-config-export/main.py new file mode 100644 index 0000000..edbc180 --- /dev/null +++ b/terragrunt-config-export/main.py @@ -0,0 +1,185 @@ +#!/usr/bin/env python3 + +import os +import sys +import boto3 +import yaml +from datetime import datetime + +def get_boto3_client(service_name='ecs'): + """ + Create and return a boto3 client with appropriate authentication. + """ + region = os.environ.get('AWS_REGION', os.environ.get('AWS_DEFAULT_REGION', 'eu-west-1')) + profile_name = os.environ.get('AWS_PROFILE') + role_arn = os.environ.get('AWS_ROLE_ARN') + + if role_arn: + # Create an STS client to assume the role + sts_client = boto3.client('sts', region_name=region) + + # Assume the role + response = sts_client.assume_role( + RoleArn=role_arn, + RoleSessionName=f"ECSContainerDefinitionsPipe-{datetime.now().strftime('%Y%m%d%H%M%S')}" + ) + + # Extract temporary credentials + credentials = response['Credentials'] + + # Create a new session with the assumed role credentials + return boto3.client( + service_name, + region_name=region, + aws_access_key_id=credentials['AccessKeyId'], + aws_secret_access_key=credentials['SecretAccessKey'], + aws_session_token=credentials['SessionToken'] + ) + elif profile_name: + # Use the specified AWS profile (including SSO profiles) + session = boto3.Session(profile_name=profile_name) + return session.client(service_name, region_name=region) + else: + # Standard credentials (from environment or instance profile) + return boto3.client(service_name, region_name=region) + + +def convert_to_terragrunt_format(task_definition, service_name): + """ + Convert ECS task definition to the required Terragrunt format. + """ + # Initialize the terragrunt config structure + config = { + "deployment": { + "extraEnv": os.environ.get('EXTRA_ENV', []) + }, + "terragruntConfig": { + "name": f"({service_name})", + "secrets": [], + "containers": [], + "mainContainerName": "", + "resources": [], + "endpoints": os.environ.get('ENDPOINTS', []), + "iamRole": os.environ.get('IAM_ROLE', "") + } + } + + config["terragruntConfig"]['resources'].append({'cpu': task_definition.get("cpu", 0)}) + config["terragruntConfig"]['resources'].append({'memory': task_definition.get("memory", 0)}) + + # Process each container definition + for container in task_definition.get("containerDefinitions", []): + terragrunt_container = { + "name": container.get("name", ""), + "image": container.get("image", ""), + "environment": [], + "ports": [], + "dependencies": [] + } + + if "secrets" in container: + for secret in container["secrets"]: + secret_name = secret.get("valueFrom", "").split(":")[-1].rsplit("-", 1)[0] + if secret_name not in config["terragruntConfig"]["secrets"]: + config["terragruntConfig"]["secrets"].append( + secret_name + ) + + # Process environment variables + if "environment" in container: + for env in container["environment"]: + terragrunt_container["environment"].append({ + "name": env.get("name", ""), + "value": env.get("value", "") + }) + + # Process port mappings + if "portMappings" in container: + for port in container["portMappings"]: + terragrunt_container["ports"].append({ + "name": port.get("name", ""), + "hostPort": port.get("hostPort", 0), + "containerPort": port.get("containerPort", 0), + "protocol": port.get("protocol", "") + }) + + # Process dependencies (if any) + if "dependsOn" in container: + for dep in container["dependsOn"]: + terragrunt_container["dependencies"].append({ + "condition": dep.get("condition", ""), + "containerName": dep.get("containerName", "") + }) + + config["terragruntConfig"]["containers"].append(terragrunt_container) + + return config + + +def get_container_definitions(): + """ + Get container definitions from ECS service + """ + # Required parameters + cluster = os.environ.get('ECS_CLUSTER') + service = os.environ.get('ECS_SERVICE') + + # Validate required parameters + if not cluster: + print("Error: ECS_CLUSTER is required") + sys.exit(1) + + if not service: + print("Error: ECS_SERVICE is required") + sys.exit(1) + + try: + # Get the ECS client + ecs_client = get_boto3_client('ecs') + + # Get the service details + print(f"Fetching service details for {service} in cluster {cluster}...") + service_response = ecs_client.describe_services( + cluster=cluster, + services=[service] + ) + + if not service_response['services']: + print(f"Error: Service {service} not found in cluster {cluster}") + sys.exit(1) + + # Get the task definition ARN + task_definition_arn = service_response['services'][0]['taskDefinition'] + print(f"Found task definition: {task_definition_arn}") + + # Get the task definition details + task_def_response = ecs_client.describe_task_definition( + taskDefinition=task_definition_arn + ) + + print("Converting to Terragrunt format...") + response = convert_to_terragrunt_format( + task_def_response['taskDefinition'], + service + ) + + output_content = yaml.dump(response, default_flow_style=False, sort_keys=False) + + # Write to file if specified + if os.environ.get('OUTPUT_FILE'): + with open(os.environ.get('OUTPUT_FILE'), 'w') as f: + f.write(output_content) + print(f"Output written to {os.environ.get('OUTPUT_FILE')}") + else: + print(output_content) + + print("✅ Successfully retrieved container definitions") + return 0 + + except Exception as e: + print(f"❌ Error: {str(e)}") + return 1 + + +if __name__ == "__main__": + sys.exit(get_container_definitions()) diff --git a/terragrunt-config-export/pipe.yml b/terragrunt-config-export/pipe.yml new file mode 100644 index 0000000..069c435 --- /dev/null +++ b/terragrunt-config-export/pipe.yml @@ -0,0 +1,39 @@ +name: Terragrunt config export +description: Retrieve the config needed for the helm chart from the ECS Service +image: +category: Utilities +repository: https://bitbucket.org/sykescottagesltd/terragrunt-config-export +vendor: + name: Forge Holiday Group + website: https://www.forgeholidays.com/ +variables: + ECS_CLUSTER: + description: Name of the ECS cluster + required: true + ECS_SERVICE: + description: Name of the ECS service + required: true + EXTRA_ENV: + type: Map + required: false + default: {} + ENDPOINTS: + type: Array + required: false + default: [] + IAM_ROLE: + description: The IAM Role for the service + required: false + OUTPUT_FILE: + description: File to write the output to (if not specified, outputs to console) + required: false + AWS_ROLE_ARN: + description: ARN of IAM role to assume (optional) + required: false + AWS_PROFILE: + description: Profile to assume when running locally + required: false + AWS_REGION: + description: AWS region + default: "eu-west-1" + required: false \ No newline at end of file diff --git a/terragrunt-config-export/requirements.txt b/terragrunt-config-export/requirements.txt new file mode 100644 index 0000000..0da7863 --- /dev/null +++ b/terragrunt-config-export/requirements.txt @@ -0,0 +1,2 @@ +boto3==1.28.50 +pyyaml==6.0.1 \ No newline at end of file From fdefe7fa759ab4deac85c3b03f422faca0eb1a5a Mon Sep 17 00:00:00 2001 From: "brian.johnston" Date: Wed, 5 Mar 2025 10:21:18 +0000 Subject: [PATCH 2/3] Change to use oidc --- terragrunt-config-export/README.md | 28 +++++------ terragrunt-config-export/main.py | 81 ++++++++++++++++-------------- terragrunt-config-export/pipe.yml | 6 +-- 3 files changed, 61 insertions(+), 54 deletions(-) diff --git a/terragrunt-config-export/README.md b/terragrunt-config-export/README.md index 53b69ce..8f7fbf9 100644 --- a/terragrunt-config-export/README.md +++ b/terragrunt-config-export/README.md @@ -10,12 +10,12 @@ Add the following to your `bitbucket-pipelines.yml` file: variables: ECS_CLUSTER: 'my-ecs-cluster' ECS_SERVICE: 'my-ecs-service' + AWS_OIDC_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' # Optional variables EXTRA_ENV: #Extra env vars to include in the config BASE_URL: example.com ENDPOINTS: ['authenticate'] IAM_ROLE: 'arn:aws:iam::account-id:role/role-name' - AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' AWS_PROFILE: 'staging' OUTPUT_FILE: 'values.yml' AWS_REGION: 'eu-west-1' @@ -23,17 +23,17 @@ Add the following to your `bitbucket-pipelines.yml` file: ## Variables -| Variable | Usage | Required | -| -------- |---------------------------------------------| -------- | -| ECS_CLUSTER | Name of the ECS cluster | Yes | -| ECS_SERVICE | Name of the ECS service | Yes | -| EXTRA_ENV | Extra environment vars for the sevice | No | -| ENDPOINTS | Endpoints for the target groups | No | -| IAM_ROLE | IAM role for the service to use | No | -| AWS_ROLE_ARN | ARN of IAM role to assume to get the config | No | -| AWS_PROFILE | Profile to use to get the config | No | -| OUTPUT_FILE | File to write the config to | No | -| AWS_REGION | AWS region | No | +| Variable | Usage | Required | +| -------- |---------------------------------------| -------- | +| ECS_CLUSTER | Name of the ECS cluster | Yes | +| ECS_SERVICE | Name of the ECS service | Yes | +| AWS_OIDC_ROLE_ARN | OIDC Role to assume | Yes | +| EXTRA_ENV | Extra environment vars for the sevice | No | +| ENDPOINTS | Endpoints for the target groups | No | +| IAM_ROLE | IAM role for the service to use | No | +| AWS_PROFILE | Profile to use to get the config | No | +| OUTPUT_FILE | File to write the config to | No | +| AWS_REGION | AWS region | No | ## Examples @@ -44,7 +44,7 @@ Add the following to your `bitbucket-pipelines.yml` file: variables: ECS_CLUSTER: 'my-ecs-cluster' ECS_SERVICE: 'my-ecs-service' - AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' + AWS_OIDC_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' ``` ### Write output to a file and use in subsequent steps @@ -57,7 +57,7 @@ Add the following to your `bitbucket-pipelines.yml` file: variables: ECS_CLUSTER: 'my-ecs-cluster' ECS_SERVICE: 'my-ecs-service' - AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' + AWS_OIDC_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' OUTPUT_FILE: 'values.yml' - cat values.yml.json ``` diff --git a/terragrunt-config-export/main.py b/terragrunt-config-export/main.py index edbc180..8c0487c 100644 --- a/terragrunt-config-export/main.py +++ b/terragrunt-config-export/main.py @@ -4,44 +4,51 @@ import sys import boto3 import yaml -from datetime import datetime +import time +import stat +import configparser + + +def auth_oidc(): + random_number = str(time.time_ns()) + aws_config_directory = os.path.join(os.environ["HOME"], '.aws') + oidc_token_directory = os.path.join(aws_config_directory, '.aws-oidc') + + os.makedirs(aws_config_directory, exist_ok=True) + os.makedirs(oidc_token_directory, exist_ok=True) + + web_identity_token_path = os.path.join(oidc_token_directory, f'oidc_token_{random_number}') + with open(web_identity_token_path, 'w') as f: + f.write(os.getenv('BITBUCKET_STEP_OIDC_TOKEN')) + + os.chmod(web_identity_token_path, mode=stat.S_IRUSR) + print('Web identity token file is created') + + aws_configfile_path = os.path.join(aws_config_directory, 'config') + with open(aws_configfile_path, 'w') as configfile: + config = configparser.ConfigParser() + config['default'] = { + 'role_arn': os.getenv('\fi'), + 'web_identity_token_file': web_identity_token_path + } + config.write(configfile) + print('Configured settings for authentication with assume web identity role') + def get_boto3_client(service_name='ecs'): """ Create and return a boto3 client with appropriate authentication. """ - region = os.environ.get('AWS_REGION', os.environ.get('AWS_DEFAULT_REGION', 'eu-west-1')) - profile_name = os.environ.get('AWS_PROFILE') - role_arn = os.environ.get('AWS_ROLE_ARN') - - if role_arn: - # Create an STS client to assume the role - sts_client = boto3.client('sts', region_name=region) - - # Assume the role - response = sts_client.assume_role( - RoleArn=role_arn, - RoleSessionName=f"ECSContainerDefinitionsPipe-{datetime.now().strftime('%Y%m%d%H%M%S')}" - ) + region = os.getenv('AWS_REGION', os.getenv('AWS_DEFAULT_REGION', 'eu-west-1')) + profile_name = os.getenv('AWS_PROFILE') + oidc = os.getenv('AWS_OIDC_ROLE_ARN') - # Extract temporary credentials - credentials = response['Credentials'] - - # Create a new session with the assumed role credentials - return boto3.client( - service_name, - region_name=region, - aws_access_key_id=credentials['AccessKeyId'], - aws_secret_access_key=credentials['SecretAccessKey'], - aws_session_token=credentials['SessionToken'] - ) + if oidc: + auth_oidc() + return boto3.client(service_name,region_name=region) elif profile_name: - # Use the specified AWS profile (including SSO profiles) session = boto3.Session(profile_name=profile_name) return session.client(service_name, region_name=region) - else: - # Standard credentials (from environment or instance profile) - return boto3.client(service_name, region_name=region) def convert_to_terragrunt_format(task_definition, service_name): @@ -51,7 +58,7 @@ def convert_to_terragrunt_format(task_definition, service_name): # Initialize the terragrunt config structure config = { "deployment": { - "extraEnv": os.environ.get('EXTRA_ENV', []) + "extraEnv": os.getenv('EXTRA_ENV', []) }, "terragruntConfig": { "name": f"({service_name})", @@ -59,8 +66,8 @@ def convert_to_terragrunt_format(task_definition, service_name): "containers": [], "mainContainerName": "", "resources": [], - "endpoints": os.environ.get('ENDPOINTS', []), - "iamRole": os.environ.get('IAM_ROLE', "") + "endpoints": os.getenv('ENDPOINTS', []), + "iamRole": os.getenv('IAM_ROLE', "") } } @@ -121,8 +128,8 @@ def get_container_definitions(): Get container definitions from ECS service """ # Required parameters - cluster = os.environ.get('ECS_CLUSTER') - service = os.environ.get('ECS_SERVICE') + cluster = os.getenv('ECS_CLUSTER') + service = os.getenv('ECS_SERVICE') # Validate required parameters if not cluster: @@ -166,10 +173,10 @@ def get_container_definitions(): output_content = yaml.dump(response, default_flow_style=False, sort_keys=False) # Write to file if specified - if os.environ.get('OUTPUT_FILE'): - with open(os.environ.get('OUTPUT_FILE'), 'w') as f: + if os.getenv('OUTPUT_FILE'): + with open(os.getenv('OUTPUT_FILE'), 'w') as f: f.write(output_content) - print(f"Output written to {os.environ.get('OUTPUT_FILE')}") + print(f"Output written to {os.getenv('OUTPUT_FILE')}") else: print(output_content) diff --git a/terragrunt-config-export/pipe.yml b/terragrunt-config-export/pipe.yml index 069c435..2883247 100644 --- a/terragrunt-config-export/pipe.yml +++ b/terragrunt-config-export/pipe.yml @@ -13,6 +13,9 @@ variables: ECS_SERVICE: description: Name of the ECS service required: true + AWS_OIDC_ROLE_ARN: + description: ARN of IAM OIDC Role to assume + required: true EXTRA_ENV: type: Map required: false @@ -27,9 +30,6 @@ variables: OUTPUT_FILE: description: File to write the output to (if not specified, outputs to console) required: false - AWS_ROLE_ARN: - description: ARN of IAM role to assume (optional) - required: false AWS_PROFILE: description: Profile to assume when running locally required: false From be38d1cdd067eca92a2d7f4cf43dc05ac15c16f5 Mon Sep 17 00:00:00 2001 From: "brian.johnston" Date: Wed, 5 Mar 2025 10:37:17 +0000 Subject: [PATCH 3/3] oicd --- terragrunt-config-export/README.md | 29 ----------------------------- terragrunt-config-export/pipe.yml | 9 --------- 2 files changed, 38 deletions(-) diff --git a/terragrunt-config-export/README.md b/terragrunt-config-export/README.md index 7fff317..8f7fbf9 100644 --- a/terragrunt-config-export/README.md +++ b/terragrunt-config-export/README.md @@ -10,19 +10,12 @@ Add the following to your `bitbucket-pipelines.yml` file: variables: ECS_CLUSTER: 'my-ecs-cluster' ECS_SERVICE: 'my-ecs-service' -<<<<<<< HEAD AWS_OIDC_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' -======= ->>>>>>> a0a9114ad1ee0534dd9c29b6381c0891977cb5b6 # Optional variables EXTRA_ENV: #Extra env vars to include in the config BASE_URL: example.com ENDPOINTS: ['authenticate'] IAM_ROLE: 'arn:aws:iam::account-id:role/role-name' -<<<<<<< HEAD -======= - AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' ->>>>>>> a0a9114ad1ee0534dd9c29b6381c0891977cb5b6 AWS_PROFILE: 'staging' OUTPUT_FILE: 'values.yml' AWS_REGION: 'eu-west-1' @@ -30,7 +23,6 @@ Add the following to your `bitbucket-pipelines.yml` file: ## Variables -<<<<<<< HEAD | Variable | Usage | Required | | -------- |---------------------------------------| -------- | | ECS_CLUSTER | Name of the ECS cluster | Yes | @@ -42,19 +34,6 @@ Add the following to your `bitbucket-pipelines.yml` file: | AWS_PROFILE | Profile to use to get the config | No | | OUTPUT_FILE | File to write the config to | No | | AWS_REGION | AWS region | No | -======= -| Variable | Usage | Required | -| -------- |---------------------------------------------| -------- | -| ECS_CLUSTER | Name of the ECS cluster | Yes | -| ECS_SERVICE | Name of the ECS service | Yes | -| EXTRA_ENV | Extra environment vars for the sevice | No | -| ENDPOINTS | Endpoints for the target groups | No | -| IAM_ROLE | IAM role for the service to use | No | -| AWS_ROLE_ARN | ARN of IAM role to assume to get the config | No | -| AWS_PROFILE | Profile to use to get the config | No | -| OUTPUT_FILE | File to write the config to | No | -| AWS_REGION | AWS region | No | ->>>>>>> a0a9114ad1ee0534dd9c29b6381c0891977cb5b6 ## Examples @@ -65,11 +44,7 @@ Add the following to your `bitbucket-pipelines.yml` file: variables: ECS_CLUSTER: 'my-ecs-cluster' ECS_SERVICE: 'my-ecs-service' -<<<<<<< HEAD AWS_OIDC_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' -======= - AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' ->>>>>>> a0a9114ad1ee0534dd9c29b6381c0891977cb5b6 ``` ### Write output to a file and use in subsequent steps @@ -82,11 +57,7 @@ Add the following to your `bitbucket-pipelines.yml` file: variables: ECS_CLUSTER: 'my-ecs-cluster' ECS_SERVICE: 'my-ecs-service' -<<<<<<< HEAD AWS_OIDC_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' -======= - AWS_ROLE_ARN: 'arn:aws:iam::account-id:role/role-name' ->>>>>>> a0a9114ad1ee0534dd9c29b6381c0891977cb5b6 OUTPUT_FILE: 'values.yml' - cat values.yml.json ``` diff --git a/terragrunt-config-export/pipe.yml b/terragrunt-config-export/pipe.yml index a4b76c1..2883247 100644 --- a/terragrunt-config-export/pipe.yml +++ b/terragrunt-config-export/pipe.yml @@ -13,12 +13,9 @@ variables: ECS_SERVICE: description: Name of the ECS service required: true -<<<<<<< HEAD AWS_OIDC_ROLE_ARN: description: ARN of IAM OIDC Role to assume required: true -======= ->>>>>>> a0a9114ad1ee0534dd9c29b6381c0891977cb5b6 EXTRA_ENV: type: Map required: false @@ -33,12 +30,6 @@ variables: OUTPUT_FILE: description: File to write the output to (if not specified, outputs to console) required: false -<<<<<<< HEAD -======= - AWS_ROLE_ARN: - description: ARN of IAM role to assume (optional) - required: false ->>>>>>> a0a9114ad1ee0534dd9c29b6381c0891977cb5b6 AWS_PROFILE: description: Profile to assume when running locally required: false