-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
aws-parameter-store plugin v1.2.1
Jenkins 2.154
I started to use the aws-parameter-store plugin v1.2.1.
My setup is Jenkins 2.154 on Kubernetes with github multi-branch/organization/pipeline plugins.
I found out that:
- the plugin does not work with the slave pod IAM role (IAM instance role)
- the plugin only works with the AWS credentials stored in the Global domain - not from the job organisation domain.
- the plugin only works with the IAM user AWS credentials, not with a role
- the plugin fails silently if the IAM permission is not working
- the plugin fails silently if the parameter path does not exist
Would it be possible to enhance the usability of this plugin and make it fail when there are setup issues ?
Thanks for the feedback. It should work under Kubernetes and with an IAM Role - I have it running regularly as an ECS Task. The credentials are fetched using the aws-credentials-plugin.
It's true that it only works with global credentials - I'll investigate adding other credential stores.
Yes it fails silently - in some cases lack of permissions might not be an error - for example fetching by path when your role only has access to particular parameters. Failing the build may be overkill (unless I add a flag) but I should find a way to print a message in the console.