Hello
I’m automating my image build process using AWS CodeBuild and AWS CodePipeline. FYI, the build host is a Docker container as described below:
environment {
  compute_type                = "BUILD_GENERAL1_SMALL"
  image                       = "aws/codebuild/amazonlinux2-x86_64-standard:5.0"
  type                        = "LINUX_CONTAINER"
  image_pull_credentials_type = "CODEBUILD"
}
But I’m getting this error:
EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment
[Container] 2023/12/09 09:28:58.032338 Command did not exit successfully $HOME/.ops/bin/ops image create app --show-debug --show-errors --show-warnings --target-cloud aws --zone $AWS_DEFAULT_REGION --arch=arm64 --args app --disable-args-copy -e ENVIRONMENT=$ENVIRONMENT -e PORT=$PORT -e GIN_MODE=$GIN_MODE --imagename $IMAGE_NAME --nanos-version $NANOS_VERSION --config config.json exit status 1
Since everything runs within the AWS cloud, there is no need to use the mentioned environment variables or pass them as secrets, because permissions to create snapshots/AMIs can be granted to the build host via an IAM policy which is attached to the IAM role assumed by the instance profile.
So, is it possible to bypass this check? If not, I would kindly request this feature to be added. Note that managing permissions/access via IAM policies rather than env vars or secrets is the best practice within the AWS cloud.
Thanks and regards,
Ernesto Medina.
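Added example, not part of the original post and not code from the ops project: a standard-library Go sketch of the credential lookup order the post asks for, where static keys in the environment are only the first source and the role credentials that a CodeBuild container advertises through `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` are the fallback. The names `ResolveSource`, `ParseRoleCreds` and `RoleCreds` are hypothetical, and the environment in `main` is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Link-local host of the container credentials endpoint (ECS and CodeBuild).
const containerCredsHost = "http://169.254.170.2"

// RoleCreds mirrors the JSON document served by that endpoint.
type RoleCreds struct {
	AccessKeyId, SecretAccessKey, Token, Expiration string
}

// ResolveSource (hypothetical helper) picks a credential source from env:
// static keys first, then the role endpoint the build container advertises.
func ResolveSource(env map[string]string) (source, endpoint string, err error) {
	keyID := env["AWS_ACCESS_KEY_ID"]
	if keyID == "" {
		keyID = env["AWS_ACCESS_KEY"]
	}
	if keyID != "" && env["AWS_SECRET_ACCESS_KEY"] != "" {
		return "env-static", "", nil
	}
	if rel := env["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]; rel != "" {
		return "container-role", containerCredsHost + rel, nil
	}
	return "", "", errors.New("no static keys and no role endpoint in environment")
}

// ParseRoleCreds decodes the endpoint response. Role credentials are temporary,
// so a document without a session token is rejected as unusable.
func ParseRoleCreds(body []byte) (RoleCreds, error) {
	var c RoleCreds
	if err := json.Unmarshal(body, &c); err != nil {
		return c, err
	}
	if c.AccessKeyId == "" || c.SecretAccessKey == "" || c.Token == "" {
		return c, errors.New("incomplete role credentials")
	}
	return c, nil
}

func main() {
	// Constructed environment: a build container with no static keys set.
	env := map[string]string{"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": "/v2/credentials/EXAMPLE-ID"}
	fmt.Println(ResolveSource(env))
}
```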