How to run aws configure in a travis deploy script?

amazon-web-services configuration travis-ci continuous-deployment aws-cli
Dave Sag picture Dave Sag · May 17, 2016 · Viewed 9k times · Source

I am trying to get travis-ci to run a custom deploy script that uses awscli to push a deployment up to my staging server.

In my .travis.yml file I have this:

before_deploy:
  - 'curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"'
  - 'unzip awscli-bundle.zip'
  - './awscli-bundle/install -b ~/bin/aws'
  - 'export PATH=~/bin:$PATH'
  - 'aws configure'

And I have set up the following environment variables:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_DEFAULT_REGION

with their correct values in the travis-ci web interface.

However when the aws configure runs, it stops and waits for user input. How can I tell it to use the environment variables I have defined?

Answer

Francesco Casula picture Francesco Casula · Jun 30, 2017

Darbio's solution works fine but it's not taking into consideration that you may end up pushing your AWS credentials in your repository.

That is a bad thing especially if docker is trying to pull a private image from one of your ECR repositories. It would mean that you probably had to store your AWS production credentials in the .travis.yml file and that is far from ideal.

Fortunately Travis gives you the possibility to encrypt environment variables, notification settings, and deploy api keys.

gem install travis

Do a travis login first of all, it will ask you for your github credentials. Once you're logged in get in your project root folder (where your .travis.yml file is) and encrypt your access key id and secret access key.

travis encrypt AWS_ACCESS_KEY_ID="HERE_PUT_YOUR_ACCESS_KEY_ID" --add
travis encrypt AWS_SECRET_ACCESS_KEY="HERE_PUT_YOUR_SECRET_ACCESS_KEY" --add

Thanks to the --add option you'll end up with two new (encrypted) environment variables in your configuration file. Now just open your .travis.yml file and you should see something like this:

env:
    global:
        - secure: encrypted_stuff
        - secure: encrypted_stuff

Now you can make travis run a shell script that creates the ~/.aws/credentials file for you.

ecr_credentials.sh

#!/usr/bin/env bash

mkdir -p ~/.aws

cat > ~/.aws/credentials << EOL
[default]
aws_access_key_id = ${AWS_ACCESS_KEY_ID}
aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}
EOL

Then you just need to run the ecr_credentials.sh script from your .travis.yml file:

before_install:
    - ./ecr_credentials.sh

Done! :-D

Source: Encription keys on Travis CI

Related questions

Permission denied (publickey) when SSH Access to Amazon EC2 instance

I want to use my Amazon ec2 instance but faced the following error: Permission denied (publickey). I have created my key pair and downloaded .pem file. Given: chmod 600 pem file. Then, this command ssh -i /home/kashif/serverkey.pem ubuntu@…

Read More
Trying to SSH into an Amazon Ec2 instance - permission error

This is probably a stupidly simple question to some :) I've created a new linux instance on Amazon EC2, and as part of that downloaded the .pem file to allow me to SSH in. When I tried to ssh with: ssh …

Read More
Downloading an entire S3 bucket?

I noticed that there doesn't seem to be an option to download an entire S3 bucket from the AWS Management Console. Is there an easy way to grab everything in one of my buckets? I was thinking about making the …

Read More