

Dynamically set AWS account ID in iam script
Lucas Rodriguez committed Oct 4, 2023
1 parent 7b0f9f8 commit 9ca9e8b
Showing 3 changed files with 9 additions and 3 deletions.
2 changes: 1 addition & 1 deletion bootstrap/iam/ecr-credential-helper-role.json
Expand Up @@ -4,7 +4,7 @@
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::331924599099:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/{{EKS_CLUSTER_ID}}"
"Federated": "arn:aws:iam::{{AWS_ACCOUNT_ID}}:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/{{EKS_CLUSTER_ID}}"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
2 changes: 1 addition & 1 deletion bootstrap/iam/ecr-webhook-role.json
Expand Up @@ -4,7 +4,7 @@
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::331924599099:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/{{EKS_CLUSTER_ID}}"
"Federated": "arn:aws:iam::{{AWS_ACCOUNT_ID}}:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/{{EKS_CLUSTER_ID}}"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
8 changes: 7 additions & 1 deletion bootstrap/iam/iam.sh
Expand Up @@ -7,18 +7,24 @@ create() {
exit 1
fi

# Fetch AWS account ID
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)

# Fetch the EKS Cluster ID
EKS_CLUSTER_ID=$(aws eks describe-cluster --name "$2" --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)
if [ -z "$EKS_CLUSTER_ID" ]; then
echo "Failed to fetch EKS cluster OIDC provider ID. Please ensure you provided the correct cluster name"
exit 1
fi

# Replace the placeholder in the JSON files with the EKS Cluster ID
# Replace the placeholder in the JSON files with the AWS account ID and EKS cluster ID
SED_CMD="sed"
if [ "$(uname -s)" = "Darwin" ]; then
SED_CMD="gsed"
fi
"$SED_CMD" -i "s/{{AWS_ACCOUNT_ID}}/$AWS_ACCOUNT_ID/g" ecr-webhook-role.json
"$SED_CMD" -i "s/{{AWS_ACCOUNT_ID}}/$AWS_ACCOUNT_ID/g" ecr-credential-helper-role.json

"$SED_CMD" -i "s/{{EKS_CLUSTER_ID}}/$EKS_CLUSTER_ID/g" ecr-webhook-role.json
"$SED_CMD" -i "s/{{EKS_CLUSTER_ID}}/$EKS_CLUSTER_ID/g" ecr-credential-helper-role.json

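Review bot: The new `AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)` line has no failure check, unlike the `EKS_CLUSTER_ID` lookup a few lines below it; if the call fails (missing or expired credentials) the variable is empty and the two new `sed` lines write `arn:aws:iam:::oidc-provider/…` into ecr-webhook-role.json and ecr-credential-helper-role.json, producing a malformed trust-policy principal instead of an error. Mirror the existing check directly after the assignment: `if [ -z "$AWS_ACCOUNT_ID" ]; then echo "Failed to fetch AWS account ID. Please ensure your AWS credentials are valid" >&2; exit 1; fi`. A stricter check that only accepts a twelve-digit numeric value would additionally keep any unexpected CLI output from being substituted into the role trust policies. `create()` begins and ends outside this hunk, so whether `set -e` is in effect cannot be seen here.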
