What feature do you want to see added?
OIDC is a great way to get rotating credentials when working with AWS. Hard coding credentials is extremely frowned upon. In the case where Jenkins isn't hosted in AWS, but needs a set of credentials that do rotate, OIDC is an excellent way to do this.
This is what it looks like with GitHub: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
I believe https://github.com/jenkinsci/aws-credentials-plugin/blob/master/src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java#L229 would need to take an argument, and possibly use https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/securitytoken/model/AssumeRoleWithWebIdentityRequest.html
The following plugin for Jenkins leverages OIDC https://plugins.jenkins.io/oidc-provider/ but it seems not compatible with the AWS cloud Jenkins plugin.
Upstream changes
No response
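For reference, the exchange the request above points at, as an added example that is not part of the issue or of the plugin's code: an OIDC ID token is traded for temporary credentials with the AWS SDK for Java v1 `AssumeRoleWithWebIdentityRequest`. The class name, the session name, the region, and passing the role ARN and a token file path as arguments are assumptions made for illustration.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.amazonaws.services.securitytoken.model.Credentials;

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

// Hypothetical class, not taken from aws-credentials-plugin.
public class WebIdentityExample {

    // Exchanges an OIDC ID token for short-lived AWS session credentials.
    static BasicSessionCredentials exchange(String roleArn, String idToken, String region) {
        // AssumeRoleWithWebIdentity is an unsigned call: the ID token is the
        // only proof of identity, so no stored AWS access key is needed.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()))
                .withRegion(region)
                .build();
        try {
            AssumeRoleWithWebIdentityRequest request = new AssumeRoleWithWebIdentityRequest()
                    .withRoleArn(roleArn)
                    .withRoleSessionName("jenkins-oidc") // assumed name; recorded in CloudTrail
                    .withWebIdentityToken(idToken)
                    .withDurationSeconds(900);            // shortest lifetime STS allows
            Credentials c = sts.assumeRoleWithWebIdentity(request).getCredentials();
            return new BasicSessionCredentials(
                    c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken());
        } finally {
            sts.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: role ARN, args[1]: path to a file holding the ID token (both assumed inputs).
        String roleArn = args[0];
        String idToken = new String(
                Files.readAllBytes(Paths.get(args[1])), StandardCharsets.UTF_8).trim();
        BasicSessionCredentials creds = exchange(roleArn, idToken, "us-east-1"); // assumed region
        // Print only the key id; the secret key and session token stay out of logs.
        System.out.println("Temporary access key id: " + creds.getAWSAccessKeyId());
    }
}
```

The returned credentials expire on their own, so nothing long-lived has to be stored on the Jenkins controller; the role's trust policy decides which token issuer, audience and subject are accepted.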