Deployment variables are not getting substituted at all

Ajit
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 12, 2023

I have a simple pipeline for deployment of react app to s3 bucket along with CloudFront invalidation. AWS credentials (secured) where as AWS default region, S3 bucket name and CloudFront Distribution ID are defined in repository variables as unsecured. During execution of the pipeline, I see the aws s3 sync command fails because the secured deployment variables are not getting set in the execution context. The unsecured variables are working fine. 

What am I doing wrong? Seems like a basic setup.

 

 

 

2 answers

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 16, 2023

Hi @Ajit and welcome to the community!

Pipelines mask all occurrences of a secure variable's value in your log files, regardless of how that output was generated. If a value matching a secured variable appears in the logs, Pipelines will replace it with $VARIABLE_NAME. Even though the value is masked in the logs, it is still substituted.

In case you have defined both repository and deployment variables with the same name, and this step is a deployment step where the deployment variables have been defined for the environment, the deployment variables will be used instead of the repository ones.

Reference:

You can check the following knowledge base article on how to safely export secured variables in bitbucket pipelines, so you can double-check if they get substituted properly and if their value is correct:

Kind regards,
Theodora

0 votes
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 13, 2023

@Ajit hi. This is a good idea to start using pipes. Here is an example using an aws-s3-deploy pipe to sync your files to S3 and triggering a distribution invalidation from aws-cloudfront-invalidate to refresh the CDN caches:

 

script:
  - pipe: atlassian/aws-s3-deploy:0.3.2
    variables:
      AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
      AWS_DEFAULT_REGION: 'us-east-1'
      S3_BUCKET: 'my-bucket-name'
      LOCAL_PATH: 'build'

  - pipe: atlassian/aws-cloudfront-invalidate:0.9.0
    variables:
      AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
      AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION
      DISTRIBUTION_ID: '123xyz'

To discover more pipes, visit our Bitbucket Pipes Marketplace.

 

Regards, Igor 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events