@@ -324,34 +324,12 @@ function _installCLIFromLocalRegistry {
324324}
325325function _loadTestAccountCredentials {
326326 echo ASSUMING PARENT TEST ACCOUNT credentials
327-
328- # Save original CodeBuild credentials on first call (before any assume-role)
329- if [ -z " ${_ORIGINAL_AWS_ACCESS_KEY_ID:- } " ]; then
330- export _ORIGINAL_AWS_ACCESS_KEY_ID=" ${AWS_ACCESS_KEY_ID:- } "
331- export _ORIGINAL_AWS_SECRET_ACCESS_KEY=" ${AWS_SECRET_ACCESS_KEY:- } "
332- export _ORIGINAL_AWS_SESSION_TOKEN=" ${AWS_SESSION_TOKEN:- } "
333- fi
334-
335- # Temporarily restore original credentials for the assume-role call
336- # so re-assumes use the CodeBuild identity, not the already-assumed role
337- local saved_key=" ${AWS_ACCESS_KEY_ID:- } "
338- local saved_secret=" ${AWS_SECRET_ACCESS_KEY:- } "
339- local saved_token=" ${AWS_SESSION_TOKEN:- } "
340-
341- export AWS_ACCESS_KEY_ID=" ${_ORIGINAL_AWS_ACCESS_KEY_ID} "
342- export AWS_SECRET_ACCESS_KEY=" ${_ORIGINAL_AWS_SECRET_ACCESS_KEY} "
343- export AWS_SESSION_TOKEN=" ${_ORIGINAL_AWS_SESSION_TOKEN} "
344-
345327 session_id=$(( 1 + $RANDOM % 10000 ))
346328 # Use longer time for parent account role
347329 creds=$( aws sts assume-role --role-arn $TEST_ACCOUNT_ROLE --role-session-name testSession${session_id} --duration-seconds 3600)
348330 if [ -z $( echo $creds | jq -c -r ' .AssumedRoleUser.Arn' ) ]; then
349- # Restore previous credentials on failure
350- export AWS_ACCESS_KEY_ID=" $saved_key "
351- export AWS_SECRET_ACCESS_KEY=" $saved_secret "
352- export AWS_SESSION_TOKEN=" $saved_token "
353- echo " Warning: Failed to refresh credentials, continuing with existing ones"
354- return 0
331+ echo " Unable to assume parent e2e account role."
332+ return
355333 fi
356334 echo " Using account credentials for $( echo $creds | jq -c -r ' .AssumedRoleUser.Arn' ) "
357335 export AWS_ACCESS_KEY_ID=$( echo $creds | jq -c -r " .Credentials.AccessKeyId" )
@@ -386,10 +364,6 @@ function _runE2ETestsLinux {
386364
387365function _runCDKTestsLinux {
388366 echo " RUN CDK Tests Linux"
389- # Refresh parent account credentials before running tests to prevent expiry.
390- # Credentials are initially loaded during setup (_setupCDKTestsLinux), but if
391- # setup + test execution exceeds the 1-hour STS session limit, they expire.
392- _loadTestAccountCredentials
393367 retry runCDKTest
394368}
395369
0 commit comments