curved-television-6568
01/13/2022, 12:14 PM
curved-television-6568
01/13/2022, 12:15 PM
curved-television-6568
01/13/2022, 12:16 PM
fast-nail-55400
01/13/2022, 6:22 PM
> The easy thing is to set/inherit HOME and be done with it, but is that an OK approach?
something to be aware of: that would work with local execution, but would not work with remote execution.
fast-nail-55400
01/13/2022, 6:23 PM
hundreds-father-404
01/13/2022, 6:24 PM
fast-nail-55400
01/13/2022, 6:27 PM
hundreds-father-404
01/13/2022, 8:01 PM
/tmp
So I don't think you need to do anything new to get ~/.aws/credentials working. You only need to set up env appropriately like to get sh discoverable
curved-television-6568
01/13/2022, 8:53 PM
> but would not work with remote execution
not sure that would be an issue here, though, as the publish processes are run as interactive processes, which implies local, iiuc?
curved-television-6568
01/13/2022, 8:54 PM
curved-television-6568
01/13/2022, 8:55 PM
docker push ought to be remotable too.. and work with exported images from a previous build step.. 🤔
curved-television-6568
01/13/2022, 8:57 PM
> So I don’t think you need to do anything new to get ~/.aws/credentials working.
Exactly.. but I guess it won’t know what ~ should expand to unless HOME env var is set?
hundreds-father-404
01/13/2022, 9:22 PM
nutritious-hair-72580
01/14/2022, 9:38 AM
AWS_ACCESS_KEY, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_PROFILE and the like.
This would obviously work locally as well as a workaround but it’s just another step to manage.
In my org, we have AWS access tied to enterprise SSO. We use a tool which reads the config file, uses chromium to login and scrape the SAML cookie, does an API call to AWS, gets an access token, and saves that to ~/.aws/credentials.
For Jenkins, we have an IAM service account which can assume a role, and the Jenkins plugin handles setting the env vars.