I’m trying to create a Jenkins pipeline (.jenkinsfile) to perform some actions in AWS, but cannot give everyone in my company access to the pipeline. My thought was to have the user paste in their AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values (these values are refreshed every 24 hours) into Jenkins pipeline parameters and then use them as some type of credentials in the .jenkinsfile. If the user pastes in wrong values/does not have the correct permissions to run the code, the job will fail. So far I have been unable to find a way to do this as all the examples I’ve seen have been using existing credentials stored on the Jenkins server, and not generating them for each run.

I’ve tried the following bits of code with no luck:

environment {
   TMP_AWS_CREDS =
     credentialsBinding {
       amazonWebServicesCredentialsBinding {
         accessKeyVariable(${AWS_ACCESS_KEY_ID})
         secretKeyVariable(${AWS_SECRET_ACCESS_KEY})
         credentialsId('temp-aws-creds')
       }
     }
}

steps {
  withAWS(credentials: "${TMP_AWS_CREDS}, region: 'ap-southeast-4') {
    // some block
  }
}

and

steps {
  withAWS(credentials: wrappers {
    credentialsBinding {
      amazonWebServicesCredentialsBinding {
        accessKeyVariable(${AWS_ACCESS_KEY_ID})
        secretKeyVariable(${AWS_SECRET_ACCESS_KEY})
        credentialsId('temp-aws-creds')
      }
    }
  }, region: 'ap-southeast-4') {
     // some block
  }
}

and

steps {
  withAWS(credentials: '[certificate(credentialsId: 'temp-aws-creds', 
    keystoreVariable: AWS_ACCESS_KEY_ID, 
    passwordVariable: AWS_SECRET_ACCESS_KEY)]', region: 'ap-southeast-4') {
                            // some block
  }
}

2 Answers

  1. You use them like any other pipeline parameters:

    parameters {
        string(name: 'AWS_ACCESS_KEY_ID', defaultValue: '', description: 'AWS access key')
        password(name: 'AWS_SECRET_ACCESS_KEY', defaultValue: '', description: 'AWS secret key associated with the access key')
    }
    

    Don’t worry about passing them into your environment – Jenkins creates environment variables for all the pipeline parameters. But make sure they are not printed anywhere, because Jenkins doesn’t mask passwords from the parameters in the log.

  2. Use this pipeline:

    pipeline {
        agent any

        parameters {
            string(name: 'AWS_ACCESS_KEY_ID', defaultValue: '', description: 'AWS Access Key ID')
            string(name: 'AWS_SECRET_ACCESS_KEY', defaultValue: '', description: 'AWS Secret Access Key')
        }
    
        environment {
            AWS_ACCESS_KEY_ID = "${params.AWS_ACCESS_KEY_ID}"
            AWS_SECRET_ACCESS_KEY = "${params.AWS_SECRET_ACCESS_KEY}"
            AWS_REGION = 'ap-southeast-4' // Set your desired region
        }
    
        stages {
            stage('Run AWS Commands') {
                steps {
                    script {
                        // Use AWS CLI or SDK commands here
                        sh '''
                        aws sts get-caller-identity --region ${AWS_REGION}
                        '''
                    }
                }
            }
        }
    }
    
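Added example, not part of either answer: a preflight that the pipeline's `sh` step can source and call first, so the pasted keys are sanity-checked and verified against STS without their values reaching the console log. The function names and the `AWS_BIN` override (used only to test without the AWS CLI) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight for AWS keys pasted into Jenkins build parameters.
# Jenkins exports the parameters as AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY.
# AWS_BIN is a hypothetical override so the check can run without the AWS CLI.

# Print a key ID with everything except its last 4 characters masked.
redact_key_id() {
    id=$1
    if [ "${#id}" -le 4 ]; then
        printf '****\n'
        return 0
    fi
    tail=${id#"${id%????}"}
    printf '****%s\n' "$tail"
}

# Return 0 if the value is non-empty and free of whitespace (a common paste
# artifact). Only the parameter NAME is printed, never its value.
check_pasted_value() {
    name=$1
    value=$2
    if [ -z "$value" ]; then
        echo "ERROR: parameter $name is empty" >&2
        return 1
    fi
    stripped=$(printf '%s' "$value" | tr -d '[:space:]')
    if [ "$stripped" != "$value" ]; then
        echo "ERROR: parameter $name contains whitespace (bad paste?)" >&2
        return 2
    fi
    return 0
}

# Validate both parameters, then ask STS which identity the keys belong to.
# Prints the caller ARN on success; a non-zero return fails the Jenkins step.
preflight() {
    set +x   # keep xtrace from echoing the secret into the console log
    check_pasted_value AWS_ACCESS_KEY_ID "${AWS_ACCESS_KEY_ID:-}" || return 1
    check_pasted_value AWS_SECRET_ACCESS_KEY "${AWS_SECRET_ACCESS_KEY:-}" || return 1
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    echo "Checking key $(redact_key_id "$AWS_ACCESS_KEY_ID")" >&2
    if ! arn=$("${AWS_BIN:-aws}" sts get-caller-identity --query Arn --output text); then
        echo "ERROR: STS rejected the supplied keys" >&2
        return 3
    fi
    printf '%s\n' "$arn"
}
```

Because `preflight` returns non-zero on any failure, calling it as the first command of the `sh` step stops the job before any other AWS command runs with bad keys.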