version: 0.2 phases: install: runtime-versions: golang: 1.13 python: 3.x pre_build: commands: - echo Publish SSM parameters build: commands: # Enforce STS regional endpoints - export AWS_STS_REGIONAL_ENDPOINTS=regional - './scripts/publish.sh cicd-publish-ssm ${AWS_REGION}' # Assume role to verify, get the credentials, and set them as environment variables. # Verification should be done using the credentials from a different account. It ensures that # the ssm parameters we published are public and accessible from any account. - CREDS=`aws sts assume-role --role-arn ${VERIFY_ROLE_ARN} --role-session-name ${AWS_REGION} --region ${AWS_REGION}` - export AWS_ACCESS_KEY_ID=`echo $CREDS | jq -r .Credentials.AccessKeyId` - export AWS_SECRET_ACCESS_KEY=`echo $CREDS | jq -r .Credentials.SecretAccessKey` - export AWS_SESSION_TOKEN=`echo $CREDS | jq -r .Credentials.SessionToken` - './scripts/publish.sh cicd-verify-ssm ${AWS_REGION}' artifacts: files: - '**/*'