stg use role_arn too

Author: akirasosa

scripts/deploy.sh

@@ -1,23 +1,14 @@
 #!/usr/bin/env bash
 
-if [ -z "${ENV}" ]; then
-  echo "ENV is required."
-  exit 1
-fi
+set -u
 
-# switch role if production
-if [ "${ENV}" = "prod" ]; then
-  source scripts/switch-production-role.sh
+if [ ! -v AWS_SESSION_TOKEN ]; then
+  source ./scripts/switch-role.sh
 fi
 
 # set variables
 CDN_URL="https://cdn-${ENV}.hana053.com"
 S3_CDN_URL="s3://cdn-${ENV}.hana053.com"
-if [ "${ENV}" = "prod" ]; then
-  MAIN_URL="https://micropost.hana053.com"
-else
-  MAIN_URL="https://micropost-${ENV}.hana053.com"
-fi
 
 # build
 PUBLIC_PATH=${CDN_URL} yarn run build:prod
@@ -32,4 +23,3 @@ aws s3 sync --delete --acl public-read dist ${S3_CDN_URL}
 aws deploy create-deployment --application-name micropost \
   --s3-location bucket=cdn-${ENV}.hana053.com,key=codedeploy.tgz,bundleType=tgz \
   --deployment-group-name web-frontend
-

scripts/switch-production-role.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# Parse variable such as ROLE_ARN_stg, ROLE_ARN_prod and etc.
+ROLE_ARN=$(eval echo '$ROLE_ARN_'${ENV})
+
+CREDENTIALS=$(aws sts assume-role --role-arn ${ROLE_ARN} --role-session-name travisci)
+
+export AWS_ACCESS_KEY_ID=$(echo ${CREDENTIALS} | jq --raw-output .Credentials.AccessKeyId)
+export AWS_SECRET_ACCESS_KEY=$(echo ${CREDENTIALS} | jq --raw-output .Credentials.SecretAccessKey)
+export AWS_SESSION_TOKEN=$(echo ${CREDENTIALS} | jq --raw-output .Credentials.SessionToken)