
About providing temporary AWS credentials inline, the use of task for AWS in Bamboo

Hi There, 

Regarding https://community.atlassian.com/t5/Bamboo-questions/About-SAML-2-0-based-Federation-and-Bamboo-s-solution-for-AWS/qaq-p/1121392

Speaking of the workaround of providing temporary AWS credentials inline, I am not seeing the choice of "inline" available for me (see the screenshot attached below); the only choices I can see are one for "Federation" and the other for "EC2 IAM Role". I tried from the "AWS Credentials Variables Configuration" task.

I just recently downloaded the "task for aws" plugin; it is version 2.18.2. Am I missing any other plugin, or is this not the latest version?

Thanks very much.

Shao 

[Screenshot: NoInlineOption.PNG]

1 answer

1 vote

Hi Shao,

Thanks for the detailed inquiry, much appreciated. You are not missing anything. Unfortunately, I've not been precise enough when I described the potential workaround on the referenced question, which turns out to be slightly misleading and surfaces a usability issue, sorry about that:

App dependencies

All our AWS integrations like Tasks for AWS (Bamboo) and Automation with AWS are using another app, Identity Federation for AWS, as a shared component to provide temporary AWS credentials at runtime (it's included for free, which works automatically).

However, Identity Federation for AWS also provides additional features on its own, for example the AWS Credentials Variables task that you used to explore the workaround.

Now, given that app's core value proposition is to provide temporary AWS credentials for others, we considered it inappropriate to also offer the use of the older 'inline' credentials variation there, because using long-term AWS credentials directly is at odds with the security best practices we aim to promote (back then we didn't offer the 'Provide session token variable' option).

Inline security credentials

Long story short, the inline AWS security credentials option referenced in the workaround is available for all tasks in Tasks for AWS (Bamboo), except for those provided by Identity Federation for AWS (Bamboo) - here's how the credentials section looks for the former (e.g. the CloudFormation task):
[Screenshot: UAA-383.png]

I hope this helps to get you going - please don't hesitate to contact us directly in case you prefer to discuss any details in private.

@Steffen Opel _Utoolity_  Thanks for the info. I will definitely give it a try today and get back to you. Thanks 

@Steffen Opel _Utoolity_ Thanks so much. I tried the inline option for AWS Security Credentials, and it worked, at least for the cases I tried via S3 operations.

For the purpose of a POC, it is okay to inject credentials for each task; however, to promote the solution, we at least want to have one place to inject credentials. So, inject once in one place, used for all tasks.

I recall that in some posts you mentioned that Bamboo credential variable names are significant, so do we have any way to set credential variables which can be automatically used by all tasks?

Regardless, I am happy that I have progressed so much that I can explore all the AWS tasks to provide enough showcases for the decision-making.

Thanks for the help! 

 Shao


@Shao Cai - glad you got this to work! 

We have a page documenting the general approach of Injecting task configuration via Bamboo variables (which btw. not only works for credentials, but also most other parameters, thereby providing one of three options to Providing task configuration as code).

The main takeaway is that you can achieve variable reuse across tasks by providing either global or plan level Bamboo variables so that you can reference the same variable names in each task and only need to update the variables in one place.

The only relevant naming constraint is that you should add the magic phrase "password" to variables containing sensitive information so that they will be masked with "********" in the build logs (this is unfortunately not mentioned in the official docs).

For example, we have defined the following global variables in our related test scenarios (the access key ID is not considered a secret, but you could also mask it of course):

awsAccessKeyId
awsSecretAccessKeyPassword
awsSessionTokenPassword

You would then use these variables from our tasks via the following references (note the 'bamboo' prefix required here):

${bamboo.awsAccessKeyId}
${bamboo.awsSecretAccessKeyPassword}
${bamboo.awsSessionTokenPassword}

I hope this helps to simplify your workaround, and also illustrates using variables for general configuration reuse in Bamboo builds and deployments.

That being said, the main value proposition of our Identity Federation for AWS apps is to provide a secure and convenient way to use temporary AWS credentials derived from centrally managed long-term credentials so that you do not need such workarounds via variables at all - I'll provide an answer to your resp. follow up question later today.

Cheers,
Steffen
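
The variable reuse described in the reply above, sketched for a Bamboo Script task as an added example that is not part of the thread or of Utoolity's code: it flags secret-bearing variable names that would miss the "password" masking convention and maps the three variables to the standard AWS CLI/SDK environment variables. It assumes Bamboo's exposure of variables to scripts as `bamboo_`-prefixed environment variables and a case-insensitive "password" match (inferred from the variable names in the reply); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds if a Bamboo variable name contains "password" (any case), i.e. the
# naming convention the reply above says gets the value masked in build logs.
is_masked_name() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *password*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints each name that looks like it holds a secret or token but would not
# be masked. The "secret"/"token" heuristic is an assumption of this example.
unmasked_secrets() {
    for name in "$@"; do
        case "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" in
            *secret*|*token*)
                is_masked_name "$name" || printf '%s\n' "$name" ;;
        esac
    done
}

# Maps the three variables named in the thread to the standard AWS CLI/SDK
# environment variables. Returns 1, exporting nothing, if any one is missing.
export_aws_credentials() {
    for v in bamboo_awsAccessKeyId bamboo_awsSecretAccessKeyPassword \
             bamboo_awsSessionTokenPassword; do
        eval "val=\${$v:-}"
        if [ -z "$val" ]; then
            echo "missing Bamboo variable: $v" >&2   # name only, never the value
            return 1
        fi
    done
    AWS_ACCESS_KEY_ID=$bamboo_awsAccessKeyId
    AWS_SECRET_ACCESS_KEY=$bamboo_awsSecretAccessKeyPassword
    AWS_SESSION_TOKEN=$bamboo_awsSessionTokenPassword
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    unset val
}

# In a Script task: export_aws_credentials || exit 1
```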
