Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

feat(GitHub): migrate configure-aws-credentials steps to IAM role assumption #3377

Merged
merged 3 commits into from
Sep 12, 2024
Merged

feat(GitHub): migrate configure-aws-credentials steps to IAM role assumption #3377

merged 3 commits into from
Sep 12, 2024

Conversation

adutchak
Copy link
Contributor

Why this should be merged

This improves the security and we can get rid of using static AWS credentials

How this works

The configure-aws-credentials now assumes pre-configured IAM role

How this was tested

We successfully used this approach for another repos

@adutchak adutchak requested a review from marun as a code owner September 10, 2024 09:34
@StephenButtolph StephenButtolph dismissed their stale review September 10, 2024 16:39

still looking

StephenButtolph
StephenButtolph reviewed Sep 10, 2024
View reviewed changes
Copy link
Contributor

@StephenButtolph StephenButtolph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we be updating these here as well?

avalanchego/.github/workflows/build-public-ami.yml

Lines 50 to 55 in 8974ed8

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.MARKETPLACE_ID }}
aws-secret-access-key: ${{ secrets.MARKETPLACE_KEY }}
aws-region: us-east-1

It does use a different access key tho.. so might be intended

@adutchak
Copy link
Contributor Author

Should we be updating these here as well?

avalanchego/.github/workflows/build-public-ami.yml

Lines 50 to 55 in 8974ed8

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.MARKETPLACE_ID }}
aws-secret-access-key: ${{ secrets.MARKETPLACE_KEY }}
aws-region: us-east-1

It does use a different access key tho.. so might be intended

Updated

@StephenButtolph StephenButtolph added this pull request to the merge queue Sep 12, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Sep 12, 2024
@StephenButtolph StephenButtolph added this pull request to the merge queue Sep 12, 2024
Merged via the queue into ava-labs:master with commit 6549c2d Sep 12, 2024
20 of 21 checks passed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@StephenButtolph StephenButtolph StephenButtolph approved these changes

@marun marun marun approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adutchak @marun @StephenButtolph