aws / aws-toolkit-azure-devops

AWS Toolkit for Azure DevOps

Azure DevOps OIDC #550

Open davidcorrigan714 opened 2 months ago

davidcorrigan714 commented 2 months ago

Description

This change allows AWS connections from Azure DevOps to use OIDC authentication to AWS instead of stored access tokens. Microsoft also calls this "Workload Identity Federation".

Motivation

Using long-lived credentials to authenticate into AWS is highly discouraged and incurs the manual overhead of managing those credentials. This process uses short-lived OIDC tokens that Azure DevOps generates for each run; AWS validates them against a configured OIDC IdP and issues temporary credentials for a role.

Related Issue(s), If Filed

521

Testing

I've been testing this in an Azure DevOps Services account. The change is not applicable to the Azure DevOps Server product, but I have confirmed that it does not break plugin installation for it. I tested primarily against the AWSPowerShellModuleScript and AWSCLI tasks; some more testing is probably warranted, though the rest of the tasks seem to leverage the authentication code that I updated.

Checklist

License

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
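The description above explains the trust chain (per-run OIDC token from Azure DevOps, validated by AWS against a configured IdP, exchanged for temporary role credentials) but not what the IAM side has to pin down. The following is an added example, not code from this PR or from the toolkit: it builds the role trust policy with the `aud` and `sub` conditions and evaluates constructed tokens against it, showing why a policy that conditions only on `aud` lets any service connection in the organization assume the role. The issuer format (`https://vstoken.dev.azure.com/<org-id>`), the audience `api://AzureADTokenExchange`, the subject format `sc://<org>/<project>/<service-connection>`, the account ID and the org GUID are all assumptions for illustration; the tokens are unsigned stand-ins, since signature verification against the IdP's JWKS is done by STS and is not modelled here.

```javascript
// Added example, not part of the AWS Toolkit for Azure DevOps.
// Simulates the IAM trust evaluation of an Azure DevOps OIDC token.
// Assumed formats (not stated on this page): issuer https://vstoken.dev.azure.com/<org-id>,
// audience api://AzureADTokenExchange, subject sc://<org>/<project>/<service-connection>.

const NOW = 1700000000; // fixed "current time" (seconds) so the demo is deterministic
const ORG_ID = "00000000-0000-0000-0000-000000000000"; // assumed Azure DevOps org GUID
const ISSUER = `https://vstoken.dev.azure.com/${ORG_ID}`;
const AUDIENCE = "api://AzureADTokenExchange";

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Constructed stand-in for the per-run token Azure DevOps would mint.
// The signature segment is a placeholder: STS, not this code, verifies it.
function makeDemoToken(claims) {
  const header = { alg: "RS256", typ: "JWT", kid: "demo" };
  return `${b64url(header)}.${b64url(claims)}.${b64url({ sig: "placeholder" })}`;
}

// Decode the claims segment of a compact JWS (no verification, by design).
function decodeClaims(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Build the role trust policy. Omitting `subject` produces the weak form that
// trusts every token the issuer mints for this audience.
function buildTrustPolicy({ accountId, issuer, audience, subject }) {
  const providerHost = issuer.replace(/^https:\/\//, "");
  const conditions = { [`${providerHost}:aud`]: audience };
  if (subject !== undefined) conditions[`${providerHost}:sub`] = subject;
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Federated: `arn:aws:iam::${accountId}:oidc-provider/${providerHost}` },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: { StringEquals: conditions },
    }],
  };
}

// Mirror the checks IAM applies to AssumeRoleWithWebIdentity: issuer must be the
// registered provider, token must be unexpired, and every StringEquals condition
// must match a claim (aud may be an array in a JWT, so compare as a list).
function evaluateTrust(policy, claims, now) {
  const stmt = policy.Statement[0];
  const providerHost = stmt.Principal.Federated.split("oidc-provider/")[1];
  if (claims.iss !== `https://${providerHost}`) return { allowed: false, reason: "issuer mismatch" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { allowed: false, reason: "token expired" };
  for (const [key, expected] of Object.entries(stmt.Condition.StringEquals)) {
    const claimName = key.slice(providerHost.length + 1); // strip "<host>:" prefix
    const actual = claims[claimName];
    const values = Array.isArray(actual) ? actual : [actual];
    if (!values.includes(expected)) return { allowed: false, reason: `${claimName} mismatch` };
  }
  return { allowed: true, reason: "ok" };
}

// Corrected policy: pinned to one service connection. Weak policy: audience only.
const PROD_SUBJECT = "sc://contoso/PaymentsProject/aws-prod"; // assumed connection name
const strictPolicy = buildTrustPolicy({ accountId: "123456789012", issuer: ISSUER, audience: AUDIENCE, subject: PROD_SUBJECT });
const loosePolicy = buildTrustPolicy({ accountId: "123456789012", issuer: ISSUER, audience: AUDIENCE });

// Constructed tokens covering the cases a reviewer would want to see.
const demoTokens = {
  valid: makeDemoToken({ iss: ISSUER, aud: AUDIENCE, sub: PROD_SUBJECT, exp: NOW + 600 }),
  otherConnection: makeDemoToken({ iss: ISSUER, aud: AUDIENCE, sub: "sc://contoso/SandboxProject/aws-dev", exp: NOW + 600 }),
  wrongAudience: makeDemoToken({ iss: ISSUER, aud: "api://some-other-relying-party", sub: PROD_SUBJECT, exp: NOW + 600 }),
  expired: makeDemoToken({ iss: ISSUER, aud: AUDIENCE, sub: PROD_SUBJECT, exp: NOW - 1 }),
};

for (const [name, token] of Object.entries(demoTokens)) {
  const claims = decodeClaims(token);
  console.log(name.padEnd(16), "strict:", evaluateTrust(strictPolicy, claims, NOW).reason.padEnd(16), "loose:", evaluateTrust(loosePolicy, claims, NOW).reason);
}
```

The `aud` condition stops a token minted for some other relying party from being replayed against AWS; the `sub` condition is what ties the role to one specific service connection, so a role used by a production connection should never be deployed with the audience-only form.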

davidcorrigan714 commented 2 months ago

Need to do the npm run newChange command still; somehow missed that the first time I read the README, but might as well get the review going and collect any comments.

HenrikStanley commented 1 month ago

Need to do the npm run newChange command still; somehow missed that the first time I read the README, but might as well get the review going and collect any comments.

It seems like a lot of PRs on this repo do not get a lot of attention, with the oldest hanging back from 2020. I am going to try to go through our company's Enterprise Agreement and get our Technical Account Manager to see if they can help push some priority on this.

I have done a review of your code and docs, and I think you have done a stellar job @davidcorrigan714. In a test on my ADO test tenant it also worked as expected.