Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Removed AWS_ACCESS_KEY_ID yet it still builds


Hi, I'm trying to figure out why my build uses a different AWS_ACCESS_KEY_ID.


Here are the things I've tried so far

  • I've created an AWS user for bitbucket pipeline and set AWS_ACCESS_KEY_ID(whenever I refer to this, it also includes the secret var) in the repo's Repository Variables
  • at the beginning of the pipeline, I print what was the identity awscli was using by `aws sts get-caller-identity`.  I got a completely different identity!
  • So I removed AWS_ACCESS_KEY_ID from the Repository Variables. Same thing, still getting the wrong identity.
  • I checked the workspace variables, AWS_ACCESS_KEY_ID is not set there.
  • I checked my repo for all AWS related variables/script/configurations/passwords/etc but nothing. I don't commit keys in the repo.


So where else could variable AWS_ACCESS_KEY_ID be set? Am I missing something here?


Here is a snippet of my pipeline:

- step:
name: Build & Deploy
image: node:14
- node
- //do build
- dist/**
- step:
name: Deploy to S3
image: amazon/aws-cli
deployment: production
- aws sts get-caller-identity
- ls -ltR dist/
- aws s3 sync ... --acl=public-read
- aws cloudfront create-invalidation ...



1 answer

2 votes

Hi @rraboy ,

I can see that the step where you use the "aws sts get-caller-identity" command is a deployment step.

It is possible that there is a deployment variable with the name AWS_ACCESS_KEY_ID for the environment 'production', which would explain the behavior you are seeing. If the same name is used for repository, workspace, and deployment variables, the order of overrides is Deployment > Repository > Account > Default variables.

If you navigate to this repo in Bitbucket UI, select Repository settings > then select the option Deployments (it is right above the Repository variables option) > expand the environment named 'production', can you see any variable named AWS_ACCESS_KEY_ID for that environment?

Kind regards,

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

📣 Calling Bitbucket Data Center customers to participate in research

Hi everyone, Are you Bitbucket DC customer? If so, we'd love to talk to you! Our team wants to dive deep to understand your long-term plans regarding Bitbucket DC and Atlassian Cloud. Do you plan...

185 views 2 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you