Skip to content

Commit a626ca1

Browse files
edersonbrilhanteedersonbrilhante
authored
fix(runner): enforce instance profile usage and disable shared AWS creds (#182)
1 parent c3964be commit a626ca1

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

modules/platform/ec2_deployment/template_files/hook_job_completed.tftpl

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,9 @@ fi
6464
echo "GitHub Actions environment variables exported to $LOG_FILE"
6565

6666
unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_PROFILE AWS_DEFAULT_PROFILE
67+
export AWS_SHARED_CREDENTIALS_FILE=/dev/null
68+
export AWS_CONFIG_FILE=/dev/null
69+
export AWS_SDK_LOAD_CONFIG=0
6770

6871
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" \
6972
-H "X-aws-ec2-metadata-token-ttl-seconds: 300")

0 commit comments

Comments
 (0)