leoherran-aws
commented
7 years ago The plugin does need initial AWS credentials in the form of an access and secret key to assume an IAM role.
Closed blaines closed 6 years ago
leoherran-aws
commented
7 years ago The plugin does need initial AWS credentials in the form of an access and secret key to assume an IAM role.
leoherran-aws
commented
7 years ago Let us know if this hinders your use case. Otherwise I'll close this issue.
mspiegle
commented
7 years ago How about allowing the plugin to retrieve initial credentials from an EC2 instance profile? That would prevent the end-user from having to handle the API keys.
troyready
commented
7 years ago It would be nice if the IAM credentials could be made optional so auth will fall back to an instance's IAM role.
~EDIT 1: Sorry if this was comment spam -- I just did a quick look at the code and at first glance it does look like they're optional. I'll test & see.~
~EDIT 2: manually specified credentials are required (the plugin fails if credentialsType isn't specified). Would be nice to remove the requirement~
EDIT 3: this is possible; see my next comment
troyready
commented
7 years ago Would be nice to update the documentation to show that if credentialsType is set to keys, then blank strings for awsAccessKey & awsSecretKey will cause the plugin to correctly fall back to the instance profile.
leoherran-aws
commented
6 years ago Updated documentation in 4e9fe6d18e21597ba81ad125a5024dcaf180c3d2.
Is the
awsAccessKeyrequired to use this plugin or is running Jenkins on EC2 with an IAM role sufficient? That is unclear in the documentation right now. Thanks!