Can AWS Global Configuration plugin store the AWS Endpoint Configuration?
43 views
Skip to first unread message
Chris Kilding
Dec 12, 2019, 6:29:16 AM12/12/19
to jenkin...@googlegroups.com
Hello,
The AWS Global Configuration plugin seems to be a useful way to share config between plugins that use the AWS SDK. I have a few questions about it:
1. Does it support storing the AWS Endpoint Configuration (service endpoint, signing region)?
2. Should plugins inherit their AWS SDK Maven dependency from the Global Configuration plugin, or should they redefine their SDK dependency in their own POMs?
3. Can it do anything that IAM instance profiles cannot? (I imagine that most Jenkins servers on AWS would inherit their AWS config implicitly from the IAM instance profile.)
Regards,
Chris
The AWS Global Configuration plugin seems to be a useful way to share config between plugins that use the AWS SDK. I have a few questions about it:
1. Does it support storing the AWS Endpoint Configuration (service endpoint, signing region)?
2. Should plugins inherit their AWS SDK Maven dependency from the Global Configuration plugin, or should they redefine their SDK dependency in their own POMs?
3. Can it do anything that IAM instance profiles cannot? (I imagine that most Jenkins servers on AWS would inherit their AWS config implicitly from the IAM instance profile.)
Regards,
Chris
Jesse Glick
Dec 12, 2019, 9:20:27 AM12/12/19
to Jenkins Dev
On Thu, Dec 12, 2019 at 6:29 AM Chris Kilding
<chris+...@chriskilding.com> wrote:
> 1. Does it support storing the AWS Endpoint Configuration (service endpoint, signing region)?
What is currently defined:
<chris+...@chriskilding.com> wrote:
> 1. Does it support storing the AWS Endpoint Configuration (service endpoint, signing region)?
https://javadoc.jenkins.io/plugin/aws-global-configuration/io/jenkins/plugins/aws/global_configuration/CredentialsAwsGlobalConfiguration.html
> 2. Should plugins inherit their AWS SDK Maven dependency from the Global Configuration plugin, or should they redefine their SDK dependency in their own POMs?
version of the `aws-java-sdk` plugin.
> 3. Can it do anything that IAM instance profiles cannot?
does not “do” much of anything, it is just a common place to keep
settings. For example, `artifact-manager-s3` defines its own settings
for S3 buckets but relies on `aws-global-configuration` to define
credentials.
> I imagine that most Jenkins servers on AWS would inherit their AWS config implicitly from the IAM instance profile.
tried it but I presume via
https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
Chris Kilding
Dec 12, 2019, 11:36:23 AM12/12/19
to jenkin...@googlegroups.com
Hi Jesse,
I’ve found this PR from a while back which suggests the EndpointConfiguration support was once present but then removed: https://github.com/jenkinsci/aws-global-configuration-plugin/pull/3. Would the design of that code be relevant for re-introducing the feature?
Also re instance profiles, I was largely asking to find out if there is significant value in doing the work to depend on the Global Configuration plugin beyond just standardisation. It appears the instance profile doesn’t contain endpoint information, so the plugin could provide extra value after all.
Chris
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-de...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr0dE5rSPrkhxcRsTw%2B%3DPqdXXVOMQoGRCryDkDcQzxY1HQ%40mail.gmail.com.
>
I’ve found this PR from a while back which suggests the EndpointConfiguration support was once present but then removed: https://github.com/jenkinsci/aws-global-configuration-plugin/pull/3. Would the design of that code be relevant for re-introducing the feature?
Also re instance profiles, I was largely asking to find out if there is significant value in doing the work to depend on the Global Configuration plugin beyond just standardisation. It appears the instance profile doesn’t contain endpoint information, so the plugin could provide extra value after all.
Chris
> You received this message because you are subscribed to the Google
> Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-de...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr0dE5rSPrkhxcRsTw%2B%3DPqdXXVOMQoGRCryDkDcQzxY1HQ%40mail.gmail.com.
>
Jesse Glick
Dec 12, 2019, 1:48:21 PM12/12/19
to Jenkins Dev
On Thu, Dec 12, 2019 at 11:36 AM Chris Kilding
<chris+...@chriskilding.com> wrote:
> the EndpointConfiguration support was once present but then removed
If I recall correctly this was just used for test mocks.
<chris+...@chriskilding.com> wrote:
> the EndpointConfiguration support was once present but then removed
> if there is significant value in doing the work to depend on the Global Configuration plugin beyond just standardisation
AWS-related global configuration.
Reply all
Reply to author
Forward
0 new messages