We just started using GitLab CI, and currently we use different AWS accounts to separate our dev and prod environments. Thus far I haven’t been able to configure my runner to respect my AWS access key and secret access key credentials, which are different for my two environments. Everything has been really easy to use except being able to upload to multiple AWS accounts. If anyone has any advice on this it would be much appreciated. My use case is really simple: I’m just uploading a tarball to an S3 bucket, one for dev and one for prod, and I’m using the secret environment variables to store my keys for the separate environments. This is my config:
```yaml
stages:
  - build
  - deploy

variables:
  ARTIFACT_NAME: my-cookbook.tgz
  DEV_BUCKET: dev-account-devops
  PROD_BUCKET: prod-account-devops
  S3_PATH: elk/${ARTIFACT_NAME}-${CI_BUILD_ID}-${CI_BUILD_REF}

package:
  stage: build
  script: git archive --format tgz HEAD > $ARTIFACT_NAME
  artifacts:
    untracked: true
    expire_in: 1 week

deploy_development:
  stage: deploy
  script:
    - export AWS_ACCESS_KEY=$DEV_AWS_ACCESS_KEY
    - export AWS_SECRET_ACCESS_KEY=$DEV_SECRET_ACCESS_KEY
    - aws s3 cp $ARTIFACT_NAME s3://$DEV_BUCKET/$S3_PATH
  environment: development

deploy_production:
  stage: deploy
  script:
    - export AWS_ACCESS_KEY=$PROD_AWS_ACCESS_KEY
    - export AWS_SECRET_ACCESS_KEY=$PROD_SECRET_ACCESS_KEY
    - aws s3 cp $ARTIFACT_NAME s3://$PROD_BUCKET/$S3_PATH
  environment: production
  when: manual
  only:
    - master
```
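
An added example, not part of the original post: the AWS CLI reads static credentials from `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so a per-job helper can map the post's `DEV_*`/`PROD_*` secret variables onto those names and fail closed when they are missing. The function name `select_aws_env` is hypothetical.

```shell
#!/bin/sh
# select_aws_env PREFIX
# Maps ${PREFIX}_AWS_ACCESS_KEY / ${PREFIX}_SECRET_ACCESS_KEY (the secret
# variable names used in the post) onto the variables the AWS CLI reads.
# Returns 0 on success, 1 if a credential is missing, 2 on an unknown prefix.
# Never prints credential values.
select_aws_env() {
    prefix=$1

    # Only allow known prefixes so the eval below never sees untrusted text.
    case "$prefix" in
        DEV|PROD) ;;
        *) echo "select_aws_env: unknown environment '$prefix'" >&2
           return 2 ;;
    esac

    # Clear anything a previous selection (or the runner) left behind, so a
    # failed lookup can never fall back to the other account's credentials.
    unset AWS_ACCESS_KEY AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY \
          AWS_SESSION_TOKEN AWS_PROFILE

    # Indirect lookup of the per-environment variables.
    eval "key_id=\${${prefix}_AWS_ACCESS_KEY:-}"
    eval "secret=\${${prefix}_SECRET_ACCESS_KEY:-}"

    if [ -z "$key_id" ] || [ -z "$secret" ]; then
        unset key_id secret
        echo "select_aws_env: ${prefix} credentials are not set for this job" >&2
        return 1
    fi

    export AWS_ACCESS_KEY_ID="$key_id"
    export AWS_SECRET_ACCESS_KEY="$secret"
    unset key_id secret
    return 0
}
```

In a job script this would run as `select_aws_env DEV` before the `aws s3 cp` line, so the upload only proceeds when that environment's keys were actually injected into the job.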