I also am VERY curious if anybody here is using pants for any CDK stuff? As well as if anybody has found a way to build AWS (or gcp) auth more directly into pants. When I was last using please we build custom tooling such that you could in a build file define the role assumption and other details you wanted, and our tooling would automatically STS assume role before running built things (or even during the build phase). I'm still very new to pants but its a bit unclear to me how I would do that. I think I would be creating a plugin that sets up the authentication, then generate a file which becomes a digest. It's a bit unclear to me how I can then get that file into a docker build. it seems like I would want to wrap the existing docker build command and inject my generation files or env config.

Not sure about the AWS/gcp auth directly, but if you need some kind of auto-generated file to go into a docker build, you are on the right track. You would set your

docker_image

target with a

dependencies

field selecting the target that creates the file and it should get materialized into the sandbox used for the docker build. One thing I have also done in the past is to just use the

.pants.bootstrap

file to run whatever (bash) commands I need to get the file into my repo, and then the

docker_image

target can depend on it directly like a regular file. (This has the downside of leaving the file on your system, so you should probably make sure to

.gitignore

it)

This is Python and testing specific, but we use

conftest.py

files to do things like:

@pytest.fixture(scope="session")
def aws_credentials():
    with assume_role("arn:aws:iam::123:role/some-test-role-role"):
        yield

Thank you both this is very helpful!