I have a pipeline step that already successfully updates a lambda. However, I just tried the example where we subsequently get the version number and assign an alias to it in the same step. The second pipe call fails with
Traceback (most recent call last):
File "/pipe.py", line 341, in <module>
pipe.run()
File "/pipe.py", line 304, in run
self.check_lamda_state_and_status()
File "/pipe.py", line 257, in check_lamda_state_and_status
response = self.client.get_function(
File "/usr/local/lib/python3.10/site-packages/botocore/client.py", line 530, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.10/site-packages/botocore/client.py", line 943, in _make_api_call
http, parsed_response = self._make_request(
File "/usr/local/lib/python3.10/site-packages/botocore/client.py", line 966, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "/usr/local/lib/python3.10/site-packages/botocore/endpoint.py", line 119, in make_request
return self._send_request(request_dict, operation_model)
File "/usr/local/lib/python3.10/site-packages/botocore/endpoint.py", line 198, in _send_request
request = self.create_request(request_dict, operation_model)
File "/usr/local/lib/python3.10/site-packages/botocore/endpoint.py", line 134, in create_request
self._event_emitter.emit(
File "/usr/local/lib/python3.10/site-packages/botocore/hooks.py", line 412, in emit
return self._emitter.emit(aliased_event_name, **kwargs)
File "/usr/local/lib/python3.10/site-packages/botocore/hooks.py", line 256, in emit
return self._emit(event_name, kwargs)
File "/usr/local/lib/python3.10/site-packages/botocore/hooks.py", line 239, in _emit
response = handler(**kwargs)
File "/usr/local/lib/python3.10/site-packages/botocore/signers.py", line 105, in handler
return self.sign(operation_name, request)
File "/usr/local/lib/python3.10/site-packages/botocore/signers.py", line 189, in sign
auth.add_auth(request)
File "/usr/local/lib/python3.10/site-packages/botocore/auth.py", line 418, in add_auth
raise NoCredentialsError()
botocore.exceptions.NoCredentialsError: Unable to locate credentials
I notice that even though I specified an OIDC role in the second call as well, the variable dump does not contain --env=AWS_OIDC_ROLE_ARN="${OIDC_LAMBDA_ROLE}", only for the first one.
I am using atlassian/aws-lambda-deploy:1.8.2.
@François Collins hi. I could not reproduce your issue.
Used the next setup according to your case:
image: atlassian/default-image:4 test: &test step: oidc: true script: # Update lambda code and publish a new version - pipe: atlassian/aws-lambda-deploy:1.10.0 variables: AWS_OIDC_ROLE_ARN: $AWS_OIDC_ROLE_ARN AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION FUNCTION_NAME: 'pipe-test' COMMAND: 'update' ZIP_FILE: 'lambda.zip' WAIT: 'true' - BITBUCKET_PIPE_SHARED_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes" - VERSION=$(jq --raw-output '.Version' $BITBUCKET_PIPE_SHARED_STORAGE_DIR/aws-lambda-deploy-env) # Point an alias to the new lambda version - pipe: atlassian/aws-lambda-deploy:1.10.0 variables: AWS_OIDC_ROLE_ARN: $AWS_OIDC_ROLE_ARN AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION FUNCTION_NAME: 'pipe-test' COMMAND: 'alias' ALIAS: 'production' VERSION: '${VERSION}' DEBUG: 'true' pipelines: default: - <<: *test branches: master: - <<: *test
And pipe was finished successfully.
$AWS_OIDC_ROLE_ARN i setup as a repository variable.
Regards, Igor
Indeed, I tried again with 1.10.0 instead of 1.8.2 and it passed.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@François Collins . Thanks for your question. We will investigate your case.
Regards, Igor.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
From setup to deployment—this learning path shows you how to build your first app using Forge. Learn the essentials, streamline workflows, and bring custom solutions to life across Jira, Confluence, and more.
Start Learning
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.