aws

The aws credential can be used to access Amazon Web Services resources.

credential "aws" "my_creds" {
  profile = "aws-account-01"
}

Arguments

| Name | Type | Required? | Description |
|------|------|-----------|-------------|
| profile | String | Optional | The AWS Profile to use to obtain credentials. |
| access_key | String | Optional | A static AWS access key to use to authenticate. |
| secret_key | String | Optional | A static AWS secret key to use to authenticate. |
| session_token | String | Optional | A static AWS session token to use to authenticate. This is only used if you specify access_key and secret_key. |
| ttl | Number | Optional | The time, in seconds, to cache the credentials. By default, the AWS credential will be cached for 5 minutes. |

All arguments are optional, and an aws credential with no arguments will behave the same as the AWS default credential. You may instead specify exactly one of:

  • profile
  • access_key and secret_key (and optionally session_token)
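The argument rules above can be checked before a configuration is committed. The following is an added example, not part of Flowpipe or of the original page: the function name lint_aws_credentials is hypothetical, the sample configuration is constructed, and the regex-based parsing assumes flat credential blocks with no nested braces.

```python
import re

# Matches a flat `credential "aws" "<name>" { ... }` block (assumes no nested braces).
BLOCK_RE = re.compile(r'credential\s+"aws"\s+"([^"]+)"\s*\{([^}]*)\}')
# Matches `key = value` argument lines inside a block.
ARG_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.MULTILINE)


def lint_aws_credentials(text):
    """Return (credential_name, finding) pairs for aws credential blocks in text."""
    findings = []
    for name, body in BLOCK_RE.findall(text):
        args = dict(ARG_RE.findall(body))
        has_profile = "profile" in args
        has_access = "access_key" in args
        has_secret = "secret_key" in args
        if has_profile and (has_access or has_secret):
            findings.append((name, "profile combined with static keys; specify exactly one"))
        if has_access != has_secret:
            findings.append((name, "access_key and secret_key must be set together"))
        if "session_token" in args and not (has_access and has_secret):
            findings.append((name, "session_token is only used with access_key and secret_key"))
        for key in ("access_key", "secret_key", "session_token"):
            # A double-quoted value is a literal secret stored in the file itself.
            if args.get(key, "").startswith('"'):
                findings.append((name, f"{key} is a hard-coded literal"))
    return findings


# Constructed sample configuration; all names and key values are placeholders.
SAMPLE = '''
credential "aws" "ok_profile" {
  profile = "example-profile"
}

credential "aws" "mixed" {
  profile    = "example-profile"
  access_key = "EXAMPLEACCESSKEY"
  secret_key = "EXAMPLESECRETKEY"
}

credential "aws" "token_only" {
  session_token = "EXAMPLETOKEN"
  ttl           = 60
}
'''

if __name__ == "__main__":
    for name, finding in lint_aws_credentials(SAMPLE):
        print(f"{name}: {finding}")
```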

Attributes (Read-Only)

| Attribute | Type | Description |
|-----------|------|-------------|
| access_key | String | The AWS access key to use to authenticate. If you specified the access_key arg, then this is the argument value verbatim. If you have specified profile, then this is the resolved temporary access key for that profile. |
| secret_key | String | The AWS secret key to use to authenticate. If you specified the secret_key arg, then this is the argument value verbatim. If you have specified profile, then this is the resolved temporary secret key for that profile. |
| session_token | String | The AWS session token to use to authenticate. If you specified the session_token arg, then this is the argument value verbatim. If you have specified profile, then this is the resolved temporary session token for that profile. |
| env | Map | A map of the resolved credential-related environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_PROFILE). |

Default Credential

The AWS credential type includes an implicit, default credential (credential.aws.default) that is configured using the same mechanism as the AWS CLI (AWS environment variables, default profile, etc.). The effective credentials of this default are the same as if you run the aws command.

Examples

Static Credentials

credential "aws" "aws_static" {
  access_key = "ASIAQGDFAKEKGUI5MCEU"
  secret_key = "QhLNLGM5MBkXiZm2k2tfake+TduEaCkCdpCSLl6U"
}

AWS Profile

credential "aws" "aws_profile" {
  profile = "awx_prod_01"
}

Using AWS Credentials in Container Step

pipeline "ex1" {
  param "cred" {
    type    = string
    default = "default"
  }

  step "container" "aws" {
    image = "public.ecr.aws/aws-cli/aws-cli"
    cmd   = [ "s3", "ls" ]
    env   = credential.aws[param.cred].env
  }
}