a7f0c828ac* Support usage of AWS Profiles
* squash merge main updates w feature branch
Squashed commit of the following:
commit ef2df4679f908ff30d5a711258ace2fa906c4bf3
Author: Michael Lehmann <lehmanmj@amazon.com>
Date: Tue Mar 17 11:24:04 2026 -0700
dist update
commit db3779a0e9
Author: Jan Feddern <jf@novatec-gmbh.de>
Date: Sun Dec 21 11:28:36 2025 +0100
Support usage of AWS Profiles
* chore: Update dist
* consistent outputEnvCredentials
* take out tests temporarily
* chore: Update dist
* debug changes for static creds
* remove debug and only cleanup profile if it was set
* formatting fixes + remove profile from cleanup test
* feat: Support usage of AWS Profiles
Adds a config option to support writing to profile files instead of
exporting environment variables.
Closes #1594. Closes #1586. Closes #112.
* chore: fix failing test case and windows path
* chore: lint project markdown files
* chore: update scripts in package.json and tsconfig update
* make env vars consistent, readme linting
* debug for profile path env vars
* remove debug
* remove profile backups
* error if we try to overwrite
* add option to overwrite existing profiles
* tests for overwrite option
* default to no env vars
* remove default from action file
* add static credential env var support
* validation fix for static creds multi profile
* debug sleep for static creds validation
* wait syntax
* undo sleep for creds validate
* test coverage, readme/action yml updates, validate creds later on self-hosted runner
* security dependency updates
* chore(deps-dev): bump @biomejs/biome from 2.4.8 to 2.4.10 (#1709)
Bumps [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) from 2.4.8 to 2.4.10.
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)
---
updated-dependencies:
- dependency-name: "@biomejs/biome"
dependency-version: 2.4.10
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @aws-sdk/credential-provider-env (#1713)
Bumps [@aws-sdk/credential-provider-env](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages-internal/credential-provider-env) from 3.972.22 to 3.972.24.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages-internal/credential-provider-env/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/HEAD/packages-internal/credential-provider-env)
---
updated-dependencies:
- dependency-name: "@aws-sdk/credential-provider-env"
dependency-version: 3.972.24
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: Update dist
* chore(deps): bump @aws-sdk/client-sts from 3.1015.0 to 3.1020.0 (#1710)
Bumps [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) from 3.1015.0 to 3.1020.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1020.0/clients/client-sts)
---
updated-dependencies:
- dependency-name: "@aws-sdk/client-sts"
dependency-version: 3.1020.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: Update dist
* fix: do not write empty profile files
Also cleanup fix, additional test, README typo cleanup
* linting fix
* chore: linting fix
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jan Feddern <jf@novatec-gmbh.de>
Co-authored-by: Michael Lehmann <lehmanmj@amazon.com>
Co-authored-by: GitHub Actions <github-aws-sdk-osds-automation@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
24 lines
1.5 KiB
Markdown
24 lines
1.5 KiB
Markdown
# cfn-deploy example
|
|
|
|
Example uses aws-action `configure-aws-credentials` with OIDC federation. Prior
|
|
to using this example project, the user needs to deploy the
|
|
[github-actions-oidc-federation-and-role](../federated-setup/github-actions-oidc-federation-and-role.yml)
|
|
template in the AWS account they want to deploy the CloudFormation template
|
|
into. Specify the GitHub Organization name, repository name, and the specific
|
|
branch you want to deploy on.
|
|
|
|
Within the [github/workflows](./.github/workflows/) directory there is a
|
|
[compliance.yml](./.github/workflows/compliance.yml) and a
|
|
[deploy.yml](./.github/workflows/deploy.yml). The deploy.yml file leverages the
|
|
aws-action `configure-aws-credentials` and accesses GitHub Action Secrets for
|
|
some of the variables. The compliance.yml runs static application security
|
|
testing using cfn-guard.
|
|
|
|
To use the example you will need to set the following GitHub Action Secrets:
|
|
|
|
| Secret Key | Used With | Description |
|
|
| --------------- | -------------------------------- | ---------------------------------------- |
|
|
| AWS_ACCOUNT_ID | configure-aws-credentials | The AWS account ID |
|
|
| AWS_DEPLOY_ROLE | configure-aws-credentials | The name of the IAM role |
|
|
| VPC_ID | aws-cloudformation-github-deploy | VPC ID the EC2 Bastion is deployed to |
|
|
| SUBNET_ID | aws-cloudformation-github-deploy | Subnet ID the EC2 Bastion is deployed to |
|