v4.1.0 - Add Region Flag to Assume Role Command, Bug fixes and Refactoring

What's Changed

• fix: add touch to initialize $bash_env by @brivu in #138
• fix: role session name by @brivu in #140
• fix: nounset shell by @brivu in #141
• fix: set default region by @brivu in #142
• fix:terraform image install by @brivu in #144
• chore: update MacOS executor to use Gen2 by @JoeMitchellJones in #145
• feat: features and bug fixes from pull requests by @brivu in #154

New Contributors

• @JoeMitchellJones made their first contribution in #145

Full Changelog: v4.0.0...v4.1.0

v4.0.0 - Major Orb Tools Update

Description

This major release updates the AWS CLI Orb to the new major version of Orb Tools. As it contains breaking changes, several modifications were unnecessary to move from v11 to v12.

Changes

1. All parameters and commands containing dashes have been converted to the new snake case standard (replace - with _).
2. The comprehensive list of changes can be found below.

Changes in .circleci/config.yml:

1. Update the orb-tools version from 11.6 to 12.0.
2. Move the job requirement list from orb-tools/publish to orb-tools/continue.
3. Remove the orb-tools/publish job since development versions are no longer necessary.
4. Add the new orb_name parameter in orb-tools/continue.
5. Rename the orb-tools/continue job parameters to comply with the new snake case standard.
   • orb_name, pipeline_number and vcs_type.

Changes in .circleci/test-deploy.yml:

1. Update the orb-tools version from 11.6 to 12.0.
2. Remove the aws-cli: circleci/aws-cli@dev:<<pipeline.git.revision>> line, and replace it with aws-cli: {}.
3. Remove the orb-tools/lint, orb-tools/pack, and orb-tools/review jobs. ⚠️
4. Rename the orb-tools/publish job parameters to comply with the new snake case standard.
   • orb_name, vcs_type, pub_type, enable_pr_comment and github_token.
5. Change the orb-tools/pack filter to trigger only on tagged releases.

Changes in src/commands/setup.yml

1. Change the aws-region parameter to region. The new type is a string with a default value of ${AWS_DEFAULT_REGION}

Changes in src/examples/configure_role_arn.yml:

1. Replace aws-cli/configure-role-arn with aws-cli/configure_role_arn to comply with the new snake case standard.

Changes in src/examples/install_aws_cli_with_web_identity.yml:

1. Replace aws-cli/install_aws_cli_with_web_identity with aws-cli/install_aws_cli_with_web_identity to comply with the new snake case standard.

Changes in src/examples/install_aws_cli:

1. Replace aws-cli/install_aws_cli_with_web_identity with aws-cli/install_aws_cli_with_web_identity to comply with the new snake case standard.

---

⚠️: This change is not related to the migration itself. These jobs were redundant in test-deploy.yml as they already run in config.yml. See Orb-Template #2.

v3.1.5 - Update CircleCI OIDC Token to Version 2

What's Changed

• patch: update to oidc token v2 by @jenny-miggin in #130

New Contributors

• @jenny-miggin made their first contribution in #130

Full Changelog: v3.1.4...v3.1.5

v3.1.4 - Patch fix for Alpine Linux Installation

What's Changed

• fix: added --force-overwrite flag to fix glibc install by @brivu in #126

Full Changelog: v3.1.3...v3.1.4

v3.1.3 - Minor bug fixes for Alpine support

What's Changed

• fix: source env vars for alpine linux by @brivu in #118

Full Changelog: v3.1.2...v3.1.3

v3.1.2 - Minor bug fixes

What's Changed

• fix: made script posix compliant by @brivu in #115
• [semver:skip] Fixing typo in parameter description by @yaningo in #112
• fix: added error messages for missing parameters by @brivu in #116
• fix: addressed shellcheck errors by @brivu in #117

New Contributors

• @yaningo made their first contribution in #112

Full Changelog: v3.1.1...v3.1.2

v3.1.1

This patch update addresses the following issues:

1. #107
2. #106
3. #105

What's Changed

• fix:v3.1.1 by @brivu in #108

Full Changelog: v3.1.0...v3.1.1

v3.1.0 - AWS Web Identity Support using CIRCLE_OIDC token

What's Changed

• feat: v3.1.0 by @brivu in https://github.com/CircleCI-Public/aws-cli-orb/pull103

This minor version update includes the following changes:

Added Commands

assume-role-with-web-identity - This command generates short lived AWS keys using OpenID Connect. You use an IAM OIDC identity provider to establish trust between CircleCI and your AWS account when running jobs. Creating a Web Identity based role-arn that's compatible with OpenID Connect in AWS IAM is required.

Added Features

setup command now includes assume-role-with-web-identity command. The setup command installs the aws cli and runs the assume-role-with-web-identity command if the role-session-id and role-arn parameters are passed. If not, a profile is configured with the AWS_SECRET_KEY_ID and AWS_SECRET_ACCESS_KEY that are passed as environment variables.

Added Parameters

assume-role-with-web-identity command has the following parameters

• role-arn: The Amazon Resource Name (ARN) of the role that the caller is assuming. Role ARN must be configured for web identity in this command.
• role-session-name: An identifier for the assumed role session. It must be less than 64 characters
• session-duration: The duration of the session in seconds. It defaults to 3600 seconds (1 hour).
• profile-name: The profile name to be configured with Web Identity

Usage Example

description: |
  Setup the AWS CLI and configure with Web Identity.
  Assume roles on AWS without storing keys on CircleCI and utilize short-term credentials instead.
  For more information, see the CircleCI OIDC docs: https://circleci.com/docs/2.0/openid-connect-tokens
usage:
  version: 2.1

  orbs:
    aws-cli: circleci/aws-cli@3.1

  jobs:
    aws-cli-example:
      executor: aws-cli/default
      steps:
        - checkout
        - aws-cli/setup:
            profile-name: WEB IDENTITY PROFILE
            role-arn: arn:aws:iam::123456789012:role/WEB-IDENTITY-ROLE
            role-session-name: example-session
        - run: echo "Run your code here"

  workflows:
    aws-cli:
      jobs:
        - aws-cli-example:
            context: aws

Full Changelog: v3.0.0...v3.1.0

v3.0.0 - Windows and Alpine Linux Support

What's Changed

• feat!: v3.0.0 by @brivu in #98

This version update includes the following breaking changes:

• role-arn parameter has been removed from the setup command and is now exclusively in the role-arn-setup command.

New parameters:

install command now lets users specify the install and binary directories for the aws cli

• install-dir: Specify the installation dirertory of AWS CLI. Defaults to /usr/local/aws-cli
• binary-dir: The main aws program in the install directory is symbolically linked to the file aws in this specified path. Defaults to /usr/local/bin

Added features:

install command can now be installed on Alpine Linux and Windows bash.exe

• Windows uses Choclatey to add AWS and must be installed prior.
• When installing AWS on Windows, bash.exe must be specified when defining the executor using the shell parameter like so:

windows:
    machine:
      image: windows-server-2019-vs2019:stable
    shell: bash.exe
    resource_class: windows.medium

Issues closed:

1. #82
2. #77
3. #46
4. #95

PR's closed:

1. #92
2. #88
3. #79
4. #57
5. #96
6. #97

Full Changelog: v1.4.1...v3.0.0