From 18467f76990528077a65e2608905dfec3f3b3673 Mon Sep 17 00:00:00 2001
From: Andreas Braun
Date: Fri, 23 May 2025 10:24:06 +0200
Subject: [PATCH] PHPLIB-1678: Use assume_role command before accessing secrets (#1832)
---
 .evergreen/config/test-tasks.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.evergreen/config/test-tasks.yml b/.evergreen/config/test-tasks.yml
index 99cd3a210..e94dc333e 100644
--- a/.evergreen/config/test-tasks.yml
+++ b/.evergreen/config/test-tasks.yml
@@ -2,10 +2,14 @@ tasks:
 - name: "test-atlas-connectivity"
 tags: ["atlas", "nodb", "pr", "tag"]
 commands:
+ - command: ec2.assume_role
+ params:
+ role_arn: ${aws_test_secrets_role}
 # This creates secrets-export.sh, which is later sourced by run-tests.sh
 - command: subprocess.exec
 params:
 working_dir: "src"
+ include_expansions_in_env: [AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_SESSION_TOKEN]
 binary: bash
 args:
 - -c
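Review bot: The assumed-role credentials are exported into a `bash -c` step that runs with `working_dir: "src"` in a task tagged `"pr"`, so anything that script executes from the checked-out tree can read `AWS_SECRET_ACCESS_KEY`, `AWS_ACCESS_KEY_ID` and `AWS_SESSION_TOKEN`. The script body lies outside the hunk, so please confirm it only fetches the secrets and runs no repository-controlled code while those variables are set, and that PR builds from untrusted contributors cannot reach this task. Listing the three names in `include_expansions_in_env` instead of exposing every expansion is the right narrow choice. I would also add a comment above the new command, for example `# Temporary credentials for ${aws_test_secrets_role}; passed only to the secrets setup step below`, so the scope of the role stays visible to the next editor.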