  1. Jenkins
  2. JENKINS-46284

support profile-based AWS credentials in pipelines


    • Improvement
    • Resolution: Unresolved
    • Minor
    • aws-credentials-plugin
    • None
    • Jenkins 2.74
      aws-credentials 1.21
      credentials 2.1.14
      credentials-binding 1.13
      pipeline 2.5

      (I've looked at issues JENKINS-36189 and JENKINS-38220 and don't believe they address this situation.)

       

      Currently, AWS credentials stored in Jenkins are accessed via withCredentials, exposed as the two environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

      There is no way to get these credentials available as profiles. For example, you can't do an "aws sts get-caller-identity --profile development" call and have the credentials available (normally in the shared credentials file, pointed to via environment variable AWS_SHARED_CREDENTIALS_FILE, default ~/.aws/credentials on Unix) as profile "development", or use an Ansible script and call ec2_* modules that take a profile parameter. This is especially important for tasks that require multiple sets of credentials, e.g. copying an AMI to another account, where you need credentials for the from and to sides.

      To implement this I think it would end up as a withCredentials-like block, with the credentials you want exposed listed along with the profile names you want them listed under, and the block would result in a limited-access temporary file written out in the format of the standard credentials file, and environment variable AWS_SHARED_CREDENTIALS_FILE naming said temporary file so that profile references get the ones you specified.  Once the block exits, the envvar and temporary file are removed.

       

            Unassigned Unassigned
            dchsueh Daniel Hsueh
            Votes: 2
            Watchers: 3
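
The block the description asks for can be sketched as a shell wrapper that runs inside an existing withCredentials block. This is an added example, not aws-credentials-plugin code; the names with_aws_profiles, die and is_ident and the DEV_* variables are hypothetical, and the key values are constructed.

```shell
#!/bin/sh
# Added example; not aws-credentials-plugin code. Names here are hypothetical.
# Usage: with_aws_profiles PROFILE:KEY_VAR:SECRET_VAR... -- COMMAND [ARGS...]
# KEY_VAR / SECRET_VAR name variables that already hold the secrets, e.g.
# ones bound by an enclosing withCredentials block.

die() { echo "with_aws_profiles: $*" >&2; exit 2; }
is_ident() { case $1 in ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;; esac; }

# The body runs in a subshell, so the EXIT trap and the exported variable
# vanish when the block ends, whether the command succeeds or fails.
with_aws_profiles() (
  umask 077                                   # temp file is owner-only (0600)
  cred_file=$(mktemp "${TMPDIR:-/tmp}/aws-creds.XXXXXX") || die "mktemp failed"
  trap 'rm -f "$cred_file"' EXIT
  trap 'exit 1' HUP INT TERM
  while [ "$#" -gt 0 ] && [ "$1" != "--" ]; do
    case $1 in *:*:*) ;; *) die "bad spec '$1'" ;; esac
    profile=${1%%:*}; rest=${1#*:}
    key_var=${rest%%:*}; secret_var=${rest#*:}
    # Reject anything that could inject extra sections or shell code.
    case $profile in ''|*[!A-Za-z0-9_-]*) die "bad profile name in '$1'" ;; esac
    is_ident "$key_var" && is_ident "$secret_var" || die "bad variable name in '$1'"
    eval "key_id=\${$key_var-} secret=\${$secret_var-}"
    [ -n "$key_id" ] && [ -n "$secret" ] || die "empty credential for '$profile'"
    printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n\n' \
      "$profile" "$key_id" "$secret" >> "$cred_file"
    shift
  done
  [ "${1-}" = "--" ] && [ "$#" -gt 1 ] || die "missing '-- COMMAND'"
  shift
  export AWS_SHARED_CREDENTIALS_FILE="$cred_file"
  "$@"
)

# Constructed demo values, not real keys.
DEV_KEY_ID=AKIACONSTRUCTEDDEMO1 DEV_SECRET=constructed-demo-secret
with_aws_profiles development:DEV_KEY_ID:DEV_SECRET -- \
  sh -c 'grep "^\[" "$AWS_SHARED_CREDENTIALS_FILE"'   # lists profile names only
```

In a pipeline sh step the command after `--` would be the real call, for example `aws sts get-caller-identity --profile development`, and several PROFILE:KEY_VAR:SECRET_VAR specs can be listed for the multi-account case.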
