Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support AWS session credentials #634

Open
skeggse opened this issue Feb 1, 2023 · 1 comment
Open

Support AWS session credentials #634

skeggse opened this issue Feb 1, 2023 · 1 comment

Comments

@skeggse
Copy link

skeggse commented Feb 1, 2023

We use session credentials from the result of an sts:AssumeRole call (via the configure-aws-credentials action). These credentials take three parts rather than the two of static credentials: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. bazel-remote does not seem to consume the AWS_SESSION_TOKEN environment variable, so it tries to interpret these credentials as static credentials:

WARNING: Remote Cache: io.grpc.StatusRuntimeException: UNKNOWN: The AWS Access Key Id you provided does not exist in our records.

Ideally, this common form of expressing AWS credentials would be supported by bazel-remote.

References:

There's probably a workaround for this by using a configuration file and a profile flag, but
@pauldraper
Copy link

A workaround that should work: #493 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skeggse @pauldraper