AWS Pipeline Plugin for Jenkins 2.x

I found this really cool plugin last week so I thought I’d make a post out of it.

I heavily use the “AssumeRole” capability within my application. Previously, this is what I used:

/usr/bin/env aws sts assume-role --region ${AWS_DEFAULT_REGION} --role-arn ${CROSS_ACCOUNT_ROLE} --role-session-name "AssumedSession" > /tmp/tmp.txt

export AWS_ACCESS_KEY_ID=$(grep -Po '(?<="AccessKeyId": ")[^"]*' /tmp/session.txt | tr -d '\n')
export AWS_SECRET_ACCESS_KEY=$(grep -Po '(?<="SecretAccessKey": ")[^"]*' /tmp/session.txt | tr -d '\n')
export AWS_SESSION_TOKEN=$(grep -Po '(?<="SessionToken": ")[^"]*' /tmp/session.txt | tr -d '\n')
export TOKEN_ISSUED_SECONDS=${SECONDS}

rm /tmp/session.txt

/usr/bin/env aws sts assume-role --region ${AWS_DEFAULT_REGION} --role-arn ${CROSS_ACCOUNT_ROLE} --role-session-name "AssumedSession" > /tmp/tmp.txt

export AWS_ACCESS_KEY_ID=$(grep -Po '(?<="AccessKeyId": ")[^"]*' /tmp/session.txt | tr -d '\n')

export AWS_SECRET_ACCESS_KEY=$(grep -Po '(?<="SecretAccessKey": ")[^"]*' /tmp/session.txt | tr -d '\n')

export AWS_SESSION_TOKEN=$(grep -Po '(?<="SessionToken": ")[^"]*' /tmp/session.txt | tr -d '\n')

export TOKEN_ISSUED_SECONDS=${SECONDS}

rm /tmp/session.txt

As you can see, the code above is using shell commands to achieve the assume role awesomeness. This works well when your jenkins job has a shell command step but not when you have a groovy pipeline defined in your Jenkins.

I struggled with it initially – one of the ideas I had was to upload the assume script somewhere like S3 and then pull it down and run it when I wanted to run commands under the assume-role. However, this felt a bit cumbersome.

Next thing in my mind was to write a groovy plugin that can do this for me. However, rather than reinventing the wheel, I started looking for existing solutions. Finally, I found the aws-pipeline-plugin.

Its a neat little plugin that allows you to do a bunch of basic stuff that you might want to do on AWS. Assume role is one of them.

So now with the new plugin, my code reduced to:

withAWS(role: roleToAssume, roleAccount: myAwsAccountId) {
    sh "aws s3 cp file.txt s3://${bucketName}${uploadPath}"
}

withAWS(role: roleToAssume, roleAccount: myAwsAccountId) {

sh "aws s3 cp file.txt s3://${bucketName}${uploadPath}"

}

Here, I’ve got a couple of variables but their names should be self-explanatory of their purpose. The general idea is that anything you write within that withAWS block will get executed under the role specified in role variable.

One thought on “AWS Pipeline Plugin for Jenkins 2.x”

Set Balu says:

2nd November 2018 at 8:55 pm

Thank you, to make it work…

withAWS(credentials:’main Role’) {
withAWS(role:’assume_admin’, roleAccount:’assume_role_account’, roleSessionName: ‘my-custom-session-name’) {
sh “aws s3 ls”
}
}

Loading...

ManthanHD

Findings, thoughts and observations from the eye of a Software Engineer.

ManthanHD

AWS Pipeline Plugin for Jenkins 2.x

Like this:

Related

One thought on “AWS Pipeline Plugin for Jenkins 2.x”

Leave a Reply Cancel reply

ManthanHD

Findings, thoughts and observations from the eye of a Software Engineer.

Did you find this post useful? Spread the word!

Like this:

Related

One thought on “AWS Pipeline Plugin for Jenkins 2.x”

Leave a Reply Cancel reply