If you do not yet have a fork of the repository associated with this workshop, you should do so now. The contents of this Git repo will contain a .circleci/config.yml file. A comprehensive reference document for the CircleCI 2.x configuration keys that are used in the config.yml file is available from CircleCI. We will reference some of the config keys in our walk-through of our sample config.yml file.
Throughout the examples shown in these exercises you will see references to a few environment variables. These are defined in our CircleCI Project Settings and will be referenced in our config.yml to allow for secure authentication between CircleCI, AWS and Snyk.
The specific variables needed are as follows:
- AWS Identity & Access Management User key and secret for secure authenticated interactions with the AWS API:
ACCESS_KEY_ID_ENV_VAR_NAME&SECRET_ACCESS_KEY_ENV_VAR_NAME - AWS Elastic Container Registry (ECR) URL for accessing your default registry: (SEE WARNING BELOW)
AWS_ECR_ACCOUNT_URL_ENV_VAR_NAME - AWS region you will be deploying to: AWS_REGION_ENV_VAR_NAME
- API token for authenticating with your Snyk account:
SNYK_TOKEN
{% hint style="warning" %} Ensure that you use the general ECR URL in the following format:
https://aws_account_id.dkr.ecr.region.amazonaws.com
{% endhint %}
{% hint style="warning" %} It is recommended that you use Snyk Service accounts and AWS IAM best practices when creating accounts. {% endhint %}