-
-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Persist environment variables from commands #1008
Comments
I think you could write a "auto.tfvars" file so terraform can pick the values from there |
That works if we need them as terraform variables, but this is a session that expires and our terraform code expects the user to be already authenticated to AWS, that's why there is a need for injecting these environment variables to the job. |
Adding that to save the environment variables will require some work. Another alternative will be that you use "aws dynamic credentials" so the workspace can authenticate automatically with AWS without any kind of secrets, instead of defining "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY" and "AWS_SESSION_TOKEN" terrakube will use the role that you define in the env variable "WORKLOAD_IDENTITY_ROLE_AWS" and you dont have to worry about any secrets You could check here for the AWS dynamic credentials support: In that way your workspace will be "passwordless" and you will get the same effect as the above example using "aws sts assume-role --role-arn " |
Feature description 💡
Currently when environment variables are set in a
BASH
command, those variables do not persist in the flow. For example, let's say I want to assume a role in AWS and then run terraform plan. I want to accomplish this with the following template:That way, terraform can plan and apply using the designated role
Anything else?
No response
The text was updated successfully, but these errors were encountered: