I have a simple pipeline for deployment of react app to s3 bucket along with CloudFront invalidation. AWS credentials (secured) where as AWS default region, S3 bucket name and CloudFront Distribution ID are defined in repository variables as unsecured. During execution of the pipeline, I see the aws s3 sync command fails because the secured deployment variables are not getting set in the execution context. The unsecured variables are working fine.
What am I doing wrong? Seems like a basic setup.
Hi @Ajit and welcome to the community!
Pipelines mask all occurrences of a secure variable's value in your log files, regardless of how that output was generated. If a value matching a secured variable appears in the logs, Pipelines will replace it with $VARIABLE_NAME. Even though the value is masked in the logs, it is still substituted.
In case you have defined both repository and deployment variables with the same name, and this step is a deployment step where the deployment variables have been defined for the environment, the deployment variables will be used instead of the repository ones.
Reference:
You can check the following knowledge base article on how to safely export secured variables in bitbucket pipelines, so you can double-check if they get substituted properly and if their value is correct:
Kind regards,
Theodora
@Ajit hi. This is a good idea to start using pipes. Here is an example using an aws-s3-deploy
pipe to sync your files to S3 and triggering a distribution invalidation from aws-cloudfront-invalidate
to refresh the CDN caches:
script: - pipe: atlassian/aws-s3-deploy:0.3.2 variables: AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION: 'us-east-1' S3_BUCKET: 'my-bucket-name' LOCAL_PATH: 'build' - pipe: atlassian/aws-cloudfront-invalidate:0.9.0 variables: AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION DISTRIBUTION_ID: '123xyz'
To discover more pipes, visit our Bitbucket Pipes Marketplace.
Regards, Igor
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.