We want our Drone runners to be able to perform actions across AWS accounts. In order to do so, we must assume an AWS IAM role that consists of an AWS access key id, an AWS secret access key, and an AWS session token. A single assume role request passes back all three pieces and all three pieces must be used together in order to assume a role.
A custom Drone secret extension can be used to call the AWS IAM API to assume the desired role but we’re having trouble getting the credentials back because the secret consists of multiple attributes and there is no functionality to reference a part of a secret.
Are there any recommendations about how we should go about doing this?
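One way to approach the problem described above, as an added example that is not part of the original post and not Drone's or AWS's own code: declare three separate secrets and have the extension assume the role once per build, then serve each attribute from that one cached credential set so the three values always belong together. The `attr` argument, the attribute names, the `assume` hook, the role ARN and the sample XML are assumptions constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"sync"
)

// Constructed sample STS AssumeRole response body (placeholder values only).
const sampleXML = `<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/"><AssumeRoleResult><Credentials>
<AccessKeyId>ASIAEXAMPLEKEYID</AccessKeyId><SecretAccessKey>example-secret</SecretAccessKey>
<SessionToken>example-token</SessionToken></Credentials></AssumeRoleResult></AssumeRoleResponse>`

type stsResponse struct {
	AccessKeyID     string `xml:"AssumeRoleResult>Credentials>AccessKeyId"`
	SecretAccessKey string `xml:"AssumeRoleResult>Credentials>SecretAccessKey"`
	SessionToken    string `xml:"AssumeRoleResult>Credentials>SessionToken"`
}

// credCache serves single attributes of one credential set per (role, build), so the
// three secrets a pipeline requests always come from the same AssumeRole call.
type credCache struct {
	mu     sync.Mutex
	sets   map[string]map[string]string
	assume func(roleARN string) ([]byte, error) // hypothetical hook: calls sts:AssumeRole, returns the XML body
}

// Lookup returns one attribute: access_key_id, secret_access_key or session_token.
func (c *credCache) Lookup(roleARN, buildID, attr string) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	key := roleARN + "|" + buildID
	if _, ok := c.sets[key]; !ok {
		var r stsResponse
		raw, err := c.assume(roleARN)
		if err == nil {
			err = xml.Unmarshal(raw, &r)
		}
		if err != nil {
			return "", err
		}
		c.sets[key] = map[string]string{"access_key_id": r.AccessKeyID, "secret_access_key": r.SecretAccessKey, "session_token": r.SessionToken}
	}
	if v := c.sets[key][attr]; v != "" {
		return v, nil
	}
	return "", fmt.Errorf("attribute %q not available for %s", attr, roleARN)
}

func main() {
	c := &credCache{sets: map[string]map[string]string{}, assume: func(string) ([]byte, error) { return []byte(sampleXML), nil }}
	fmt.Println(c.Lookup("arn:aws:iam::111111111111:role/example", "build-42", "access_key_id"))
}
```

The cache here never evicts entries or checks the credentials' expiration; a long-running extension would need both.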