From a6de0ab30a02770401627744be98f30f5247e6d9 Mon Sep 17 00:00:00 2001 From: Nikita Podshivalov Date: Thu, 3 Aug 2023 19:25:53 +0200 Subject: [PATCH] Fix assume role for the fresh account A new account doesn't have cdk-hnb659fds-lookup-role --- deploy/stacks/param_store_stack.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/deploy/stacks/param_store_stack.py b/deploy/stacks/param_store_stack.py index d06548746..ad347d10f 100644 --- a/deploy/stacks/param_store_stack.py +++ b/deploy/stacks/param_store_stack.py @@ -130,16 +130,17 @@ def _get_external_id_value(envname, account_id, region): region_name=region, endpoint_url=f"https://sts.{region}.amazonaws.com" ) - response = sts.assume_role(**assume_role_dict) - session = boto3.Session( - aws_access_key_id=response['Credentials']['AccessKeyId'], - aws_secret_access_key=response['Credentials']['SecretAccessKey'], - aws_session_token=response['Credentials']['SessionToken'], - ) - - secret_id = f"dataall-externalId-{envname}" - parameter_path = f"/dataall/{envname}/pivotRole/externalId" try: + response = sts.assume_role(**assume_role_dict) + session = boto3.Session( + aws_access_key_id=response['Credentials']['AccessKeyId'], + aws_secret_access_key=response['Credentials']['SecretAccessKey'], + aws_session_token=response['Credentials']['SessionToken'], + ) + + secret_id = f"dataall-externalId-{envname}" + parameter_path = f"/dataall/{envname}/pivotRole/externalId" + ssm_client = session.client('ssm', region_name=region) parameter_value = ssm_client.get_parameter(Name=parameter_path)['Parameter']['Value'] return parameter_value