-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
Jenkins 2.141
EC2 Plugin 1.41
I'm currently using Jenkins with AWS EC2 plugin to run CloudFormation scripts from Jenkins slaves in different AWS accounts. The only way I got this working was by creating dedicated AWS users for Jenkins in the accounts in which I want to launch the slaves.
The reason I had to do this appears to be that when "Use EC2 instance profile to obtain credentials" is checked, the SSH key is verified against Jenkins master's account, while the SSH-key belongs to the accounts in which I want to launch the slave.
Solution proposal: Allow the user to enter the AWS Account id in which the slave is to be launched, which would allow Jenkins master's EC2 to assume a role in the proper account in order to verify the SSH key.
[JENKINS-54715] EC2 Plugin: Possibility to provide AWS account id when using EC2 instance profile to obtain credentials
Description |
Original:
I'm currently using Jenkins with AWS EC2 plugin to run CloudFormation scripts in different AWS accounts. The only way I got this working was by creating dedicated AWS users for Jenkins in the accounts in which I want to launch the slaves. The reason I had to do this appears to be that when "*Use EC2 instance profile to obtain credentials*" is checked, the SSH key is verified against Jenkins master's account, while the SSH-key belongs to the accounts in which I want to launch the slave. *Solution proposal:* Allow the user to enter the AWS Account id in which the Slave is to be launched, which would allow Jenkins master's EC2 to assume a role in the proper account in order to verify the SSH key. |
New:
I'm currently using Jenkins with AWS EC2 plugin to run CloudFormation scripts in different AWS accounts. The only way I got this working was by creating dedicated AWS users for Jenkins in the accounts in which I want to launch the slaves. The reason I had to do this appears to be that when "*Use EC2 instance profile to obtain credentials*" is checked, the SSH key is verified against Jenkins master's account, while the SSH-key belongs to the accounts in which I want to launch the slave. *Solution proposal:* Allow the user to enter the AWS Account id in which the slave is to be launched, which would allow Jenkins master's EC2 to assume a role in the proper account in order to verify the SSH key. |
Description |
Original:
I'm currently using Jenkins with AWS EC2 plugin to run CloudFormation scripts in different AWS accounts. The only way I got this working was by creating dedicated AWS users for Jenkins in the accounts in which I want to launch the slaves. The reason I had to do this appears to be that when "*Use EC2 instance profile to obtain credentials*" is checked, the SSH key is verified against Jenkins master's account, while the SSH-key belongs to the accounts in which I want to launch the slave. *Solution proposal:* Allow the user to enter the AWS Account id in which the slave is to be launched, which would allow Jenkins master's EC2 to assume a role in the proper account in order to verify the SSH key. |
New:
I'm currently using Jenkins with AWS EC2 plugin to run CloudFormation scripts from Jenkins slaves in different AWS accounts. The only way I got this working was by creating dedicated AWS users for Jenkins in the accounts in which I want to launch the slaves. The reason I had to do this appears to be that when "*Use EC2 instance profile to obtain credentials*" is checked, the SSH key is verified against Jenkins master's account, while the SSH-key belongs to the accounts in which I want to launch the slave. *Solution proposal:* Allow the user to enter the AWS Account id in which the slave is to be launched, which would allow Jenkins master's EC2 to assume a role in the proper account in order to verify the SSH key. |