curved-television-6568
01/13/2022, 12:14 PM

fast-nail-55400
01/13/2022, 6:22 PM
> The easy thing is to set/inherit HOME and be done with it, but is that an OK approach?
something to be aware of: that would work with local execution, but would not work with remote execution.

hundreds-father-404
01/13/2022, 6:24 PM

fast-nail-55400
01/13/2022, 6:27 PM

hundreds-father-404
01/13/2022, 8:01 PM
/tmp
So I don't think you need to do anything new to get ~/.aws/credentials working. You only need to set up env appropriately like to get sh discoverable

curved-television-6568
01/13/2022, 8:53 PM
> but would not work with remote execution
not sure that would be an issue here, though, as the publish processes are run as interactive processes, which implies local, iiuc?
docker push ought to be remotable too.. and work with exported images from a previous build step.. 🤔
> So I don’t think you need to do anything new to get ~/.aws/credentials working.
Exactly.. but I guess it won’t know what ~ should expand to unless HOME env var is set?

hundreds-father-404
01/13/2022, 9:22 PM

nutritious-hair-72580
01/14/2022, 9:38 AM
AWS_ACCESS_KEY, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_PROFILE and the like.
This would obviously work locally as well as a workaround but it’s just another step to manage.
In my org, we have AWS access tied to enterprise SSO. We use a tool which reads the config file, uses chromium to log in and scrape the SAML cookie, does an API call to AWS, gets an access token, and saves that to ~/.aws/credentials.
For Jenkins, we have an IAM service account which can assume a role, and the Jenkins plugin handles setting the env vars.