Authenticate per-region for make-amis

2020-05-28 12:48:59 -07:00 · 2020-05-28 12:48:59 -07:00 · 41f127d77b
parent bfc4bf99bf
commit 41f127d77b
1 changed files with 10 additions and 1 deletions
--- a/scripts/builder.py
+++ b/scripts/builder.py
@ -214,6 +214,8 @@ class MakeAMIs:

    @staticmethod
    def add_args(parser):
+        parser.add_argument("--region", "-r", default="us-west-2",
+            help="region to use for build")
        parser.add_argument("profile", help="name of profile to build")
        parser.add_argument("builds", nargs="*",
            help="name of builds within a profile to build")
@ -232,6 +234,7 @@ class MakeAMIs:
                print(f"Build dir '{build_dir}' does not exist")
                break

+            creds = IdentityBrokerClient().get_credentials(args.region)
            out = io.StringIO()

            res = subprocess.Popen([
@ -239,7 +242,13 @@ class MakeAMIs:
                    "build",
                    f"-var-file={build_dir}/vars.json",
                    "packer.json"
-                ], stdout=subprocess.PIPE, encoding="utf-8")
+                ], stdout=subprocess.PIPE, encoding="utf-8", env={
+                    "PATH": os.environ.get("PATH"),
+                    "AWS_ACCESS_KEY_ID": creds["access_key"],
+                    "AWS_SECRET_ACCESS_KEY": creds["secret_key"],
+                    "AWS_SESSION_TOKEN": creds["session_token"],
+                    "AWS_DEFAULT_REGION": args.region,
+                })

            while res.poll() is None:
                text = res.stdout.readline()