Improve traceability of AWS API calls in test runs

Author: niallthomson

.github/workflows/module-test.yaml

@@ -38,13 +38,6 @@ jobs:
         chmod +x ${HOME}/.local/bin/*
 
         echo "${HOME}/.local/bin" >> $GITHUB_PATH
-    - name: Get AWS credentials
-      uses: aws-actions/[email protected]
-      with:
-        role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
-        role-duration-seconds: 3600
-        aws-region: ${{ secrets.AWS_REGION }}
-        role-session-name: GithubActionsSession
     - name: Set cluster ID
       env:
         RUN_ID: "${{ github.job }}"
@@ -53,6 +46,13 @@ jobs:
         CLUSTER_ID=$(echo $RANDOM | md5sum | head -c 8)
         echo "Using cluster ID ${CLUSTER_ID}"
         echo "CLUSTER_ID=$CLUSTER_ID" >> $GITHUB_ENV
+    - name: Get AWS credentials
+      uses: aws-actions/[email protected]
+      with:
+        role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+        role-duration-seconds: 3600
+        aws-region: ${{ secrets.AWS_REGION }}
+        role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }}
     - name: Create infrastructure
       id: create-infrastructure
       env:
@@ -66,7 +66,7 @@ jobs:
         role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
         role-duration-seconds: 3600
         aws-region: ${{ secrets.AWS_REGION }}
-        role-session-name: GithubActionsSession
+        role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }}
     - name: Run tests - Module
       env:
         DOCKER_BUILDKIT: 1
@@ -85,7 +85,7 @@ jobs:
         role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
         role-duration-seconds: 3600
         aws-region: ${{ secrets.AWS_REGION }}
-        role-session-name: GithubActionsSession
+        role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }}
     - name: Run tests - Cleanup
       if: always()
       env:
@@ -103,7 +103,7 @@ jobs:
         role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
         role-duration-seconds: 3600
         aws-region: ${{ secrets.AWS_REGION }}
-        role-session-name: GithubActionsSession
+        role-session-name: GithubActionsSession-${{ env.CLUSTER_ID }}
     - name: Cleanup environment
       if: always()
       env:

hack/lib/generate-aws-creds.sh

@@ -1,6 +1,6 @@
 echo "Generating temporary AWS credentials..."
 
-ACCESS_VARS=$(aws sts assume-role --role-arn $ASSUME_ROLE --role-session-name eks-workshop-shell --output json | jq -r '.Credentials | "export AWS_ACCESS_KEY_ID=\(.AccessKeyId) AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) AWS_SESSION_TOKEN=\(.SessionToken)"')
+ACCESS_VARS=$(aws sts assume-role --role-arn $ASSUME_ROLE --role-session-name ${EKS_CLUSTER_NAME}-shell --output json | jq -r '.Credentials | "export AWS_ACCESS_KEY_ID=\(.AccessKeyId) AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) AWS_SESSION_TOKEN=\(.SessionToken)"')
 
 # TODO: This should probably not use eval
 eval "$ACCESS_VARS"