Hiding aws credentials Jenkins S3 plugin.
134 views
Skip to first unread message
seshadri...@gmail.com
Jul 27, 2018, 7:44:13 AM7/27/18
to Jenkins Users
Hi,
My self Jai,
Am currently facing problem with "how to hide aws access key and secrete key in S3 plugin while uploading artifacts from jenkins job to AWS S3 ??? Need help soon, Can any body please??
Thanks and Regards
Jai
gil
Jul 30, 2018, 7:33:22 AM7/30/18
to Jenkins Users
what about writing your job to upload files to s3?
seshadri...@gmail.com
Aug 2, 2018, 9:46:41 AM8/2/18
to Jenkins Users
Jenkins deployments will need to upload artifacts to S3; Jenkins can't write to S3 by default, so we'll need to specify AWS credentials to upload. We'd prefer to not expose these credentials in build scripts or configuration options.
Goal is to provide best practices for properly using and hiding AWS credentials in Jenkins jobs
Aldrin Leal
Aug 2, 2018, 9:59:33 AM8/2/18
to jenkins...@googlegroups.com
Why not restrict the key to allow only uploading from a given IP Address? Is it way safer
https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/fc046bdc-e7ff-4457-9b16-2ba81f52dafc%40googlegroups.com.
seshadri...@gmail.com
Aug 2, 2018, 12:18:38 PM8/2/18
to Jenkins Users
Hi Aldrin Leal,
Thanks for your information, my problem got solved with other way........ like instead of using IAM user credentials in Jenkins, we can create IAM role with S3 full permission and attach that role in to the Jenkins server, then in Jenkins at the S3 publisher profile instead of providing credentials, we can select IAM role, no worries about credentials.
Please follow below steps:
- First need to create IAM role with S3 full access.
- Then attach that role to Server.
- And go to Jenkins dashboard,
Configure Systems,
Amazon S3 profile,
S3 profiles name : same name as "IAM role"
Instead of given credentials, we can select "Use IAM Role", then apply and save
- In Jenkins job, Add post-build action:
Publish artifacts to S3 Bucket,
S3 profile name: name same as "IAM role",
Files to upload: Source : Files name
Destination bucket : Bucket path
Bucket Region : Select bucket region
Then Apply and Save
- Click Build now, check artifacts are uploaded in to S3 bucket.
On Thursday, 2 August 2018 19:29:33 UTC+5:30, Aldrin Leal wrote:
Why not restrict the key to allow only uploading from a given IP Address? Is it way safer
https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
On Thu, Aug 2, 2018 at 8:46 AM, <seshadri...@gmail.com> wrote:
Jenkins deployments will need to upload artifacts to S3; Jenkins can't write to S3 by default, so we'll need to specify AWS credentials to upload. We'd prefer to not expose these credentials in build scripts or configuration options.Goal is to provide best practices for properly using and hiding AWS credentials in Jenkins jobs
On Monday, 30 July 2018 17:03:22 UTC+5:30, gil wrote:what about writing your job to upload files to s3?
On Friday, 27 July 2018 14:44:13 UTC+3, seshadri...@gmail.com wrote:Hi,My self Jai,Am currently facing problem with "how to hide aws access key and secrete key in S3 plugin while uploading artifacts from jenkins job to AWS S3 ??? Need help soon, Can any body please??Thanks and RegardsJai
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
Shubham Aggarwal
Aug 25, 2020, 4:24:15 PM8/25/20
to Jenkins Users
I can't see the screenshots. Would you please post them again? I tried to follow your instructions but Jenkins automatically unchecks "use IAM role" after I save it with the name or ARN of the role. What am I doing wrong?
Shubham Aggarwal
Aug 25, 2020, 4:48:16 PM8/25/20
to Jenkins Users
Never mind. I got it to work. I assigned an instance profile to my slaves and created an S3 profile with "Use IAM role" checked. It again unchecked it but it worked nonetheless. Also, the S3 profile didn't have to bear the same name as the IAM role assigned to the slaves.
Reply all
Reply to author
Forward
0 new messages