cdk-pipelines-github

feat: Support runners with preconfigured credentials

Open christophgysin opened this issue 1 year ago • 0 comments

This introduces a new property awsCreds to configure the AWS credential provider. The old properties awsCredentials and gitHubActionRoleArn are now deprecated.

The change is backwards compatible. To move to the new property, change:

{
  ...
  awsCredentials: {
    awsAccessKeyId: 'MY_KEY_ACCESS_KEY_ID',
    secretAccessKey: 'MY_SECRET_ACCESS_KEY',
  },
}

to:

{
  ...
  awsCreds: AwsCredentials.fromGitHubSecrets({
    awsAccessKeyId: 'MY_KEY_ACCESS_KEY_ID',
    secretAccessKey: 'MY_SECRET_ACCESS_KEY',
  }),
}

Or when using OpenID Connect, change:

{
  ...
  gitHubActionRoleArn: 'myRoleArn',
}

to:

{
  ...
  awsCreds: AwsCredentials.fromOpenIdConnect({
    gitHubActionRoleArn: 'myRoleArn',
  }),
}

Additionally, you can now configure the pipeline to not provide any AWS credentials, which can be useful when your runners already provide credentials themselves:

{
  ...
  awsCreds: AwsCredentials.runnerHasPreconfiguredCreds(),
}

Fixes #362

christophgysin • Oct 13 '22 21:10