Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Removed AWS_ACCESS_KEY_ID yet it still builds Edited

Hi, I'm trying to figure out why my build uses a different AWS_ACCESS_KEY_ID.

 

Here are the things I've tried so far

  • I've created an AWS user for bitbucket pipeline and set AWS_ACCESS_KEY_ID(whenever I refer to this, it also includes the secret var) in the repo's Repository Variables
  • at the beginning of the pipeline, I print what was the identity awscli was using by `aws sts get-caller-identity`.  I got a completely different identity!
  • So I removed AWS_ACCESS_KEY_ID from the Repository Variables. Same thing, still getting the wrong identity.
  • I checked the workspace variables, AWS_ACCESS_KEY_ID is not set there.
  • I checked my repo for all AWS related variables/script/configurations/passwords/etc but nothing. I don't commit keys in the repo.

 

So where else could variable AWS_ACCESS_KEY_ID be set? Am I missing something here?

 

Here is a snippet of my pipeline:


pipelines:
default:
- step:
name: Build & Deploy
image: node:14
caches:
- node
script:
- //do build
artifacts:
- dist/**
- step:
name: Deploy to S3
image: amazon/aws-cli
deployment: production
script:
- aws sts get-caller-identity
- ls -ltR dist/
- aws s3 sync ... --acl=public-read
- aws cloudfront create-invalidation ...

 

 

1 answer

2 votes

Hi @rraboy ,

I can see that the step where you use the "aws sts get-caller-identity" command is a deployment step.

It is possible that there is a deployment variable with the name AWS_ACCESS_KEY_ID for the environment 'production', which would explain the behavior you are seeing. If the same name is used for repository, workspace, and deployment variables, the order of overrides is Deployment > Repository > Account > Default variables.

If you navigate to this repo in Bitbucket UI, select Repository settings > then select the option Deployments (it is right above the Repository variables option) > expand the environment named 'production', can you see any variable named AWS_ACCESS_KEY_ID for that environment?

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket Pipelines

Bitbucket Pipelines Runners is now in open beta

We are excited to announce the open beta program for self-hosted runners. Bitbucket Pipelines Runners is available to everyone. Please try it and let us know your feedback. If you have any issue...

3,650 views 63 19
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you