Authenticate per-region for make-amis

1 files changed, 10 insertions, 1 deletions

diff --git a/scripts/builder.py b/scripts/builder.py
index 0263308..de95bdb 100644
--- a/scripts/builder.py
+++ b/scripts/builder.py
@@ -214,6 +214,8 @@ class MakeAMIs:
 
     @staticmethod
     def add_args(parser):
+        parser.add_argument("--region", "-r", default="us-west-2",
+            help="region to use for build")
         parser.add_argument("profile", help="name of profile to build")
         parser.add_argument("builds", nargs="*",
             help="name of builds within a profile to build")
@@ -232,6 +234,7 @@ class MakeAMIs:
                 print(f"Build dir '{build_dir}' does not exist")
                 break
 
+            creds = IdentityBrokerClient().get_credentials(args.region)
             out = io.StringIO()
 
             res = subprocess.Popen([
@@ -239,7 +242,13 @@ class MakeAMIs:
                     "build",
                     f"-var-file={build_dir}/vars.json",
                     "packer.json"
-                ], stdout=subprocess.PIPE, encoding="utf-8")
+                ], stdout=subprocess.PIPE, encoding="utf-8", env={
+                    "PATH": os.environ.get("PATH"),
+                    "AWS_ACCESS_KEY_ID": creds["access_key"],
+                    "AWS_SECRET_ACCESS_KEY": creds["secret_key"],
+                    "AWS_SESSION_TOKEN": creds["session_token"],
+                    "AWS_DEFAULT_REGION": args.region,
+                })
 
             while res.poll() is None:
                 text = res.stdout.readline()