Setting AWS Credentials, Script Task and PowerShell

Jeremy Roelfs January 24, 2018

For a Script Task in your plan, you typically need to set your AWS credentials to point to and use your EC2 instances.

Set-Credentials is the AWS way, but that does not work.

Instead use this?
SET AWS_ACCESS_KEY_ID=$Env:bamboo_AWSAccessKeyId
SET AWS_SECRET_ACCESS_KEY=$Env:bamboo_AWSSecretKeyPassword
SET AWS_DEFAULT_REGION=us-east-1

 

But it is still not pointing to my EC2 instance correctly. None of my AWS CLI commands work.

4 answers

1 accepted

0 votes
Answer accepted
Jeremy Roelfs January 31, 2018

You can't set the creds in an inline PS. Or, at least I have not been able to find a way to.

Recommend using an inline cmd as follows.

Create a Script task. Use cmd. Set your creds:

@echo off
SET AWS_ACCESS_KEY_ID=${bamboo.AWSAccessKeyId}
SET AWS_SECRET_ACCESS_KEY=${bamboo.AWSSecretKeyPassword}
SET AWS_DEFAULT_REGION=us-east-1

Then, if you need to invoke any PowerShell scripts or other functionality.

Create a Local Agent so you can talk to your local bamboo server. Remember everything works from these agents.
You do not need to set up any capability.
Bamboo's auto-magic will choose the correct agent to build with.

Then in that same inline cmd use the below code to talk to your PowerShell scripts correctly:

powershell -NoProfile -Command "C:\scripts\<myPSscript>.ps1 <arg>; exit $LASTEXITCODE" < NUL

Reference

 

This seems to work well for our needs. HTH.

 

1 vote
Steffen Opel _Utoolity_
Community Leader
January 25, 2018

Update 2018-02-26: We have fixed the below referenced example from our docs by adding the required 'Env:' prefix for accessing environment variables from PowerShell.

According to the related documentation for our (Utoolity's) AWS Credentials Variables task, the following syntax for referencing Bamboo environment variables in PowerShell should work within Bamboo's Script task:

$AWS_ACCESS_KEY_ID = $Env:bamboo_custom_aws_accessKeyId
$AWS_SECRET_ACCESS_KEY = $Env:bamboo_custom_aws_secretAccessKey_password
$AWS_SESSION_TOKEN = $Env:bamboo_custom_aws_sessionToken_password

So given your Bamboo variable names, the following should do the trick in your AWS CLI based scenario:

$AWS_ACCESS_KEY_ID = $Env:bamboo_AWSAccessKeyId
$AWS_SECRET_ACCESS_KEY = $Env:bamboo_AWSSecretKeyPassword

Caveats

Please note that those standard environment variables only work for the AWS CLI and not the AWS Tools for PowerShell due to an easily confusing difference between these two:

  • The AWS CLI supports specifying credentials via environment variables (i.e. '$AWS_ACCESS_KEY_ID' etc.), but does not support specifying credentials via the command line.
  • The AWS Tools for PowerShell support specifying credentials via the command line (i.e. '-AccessKey $Env:bamboo_AWSAccessKeyId' etc.), but do not support specifying credentials via environment variables.

Further, at least the AWS Tools for PowerShell will also fall back to any subsequent credentials source in the default credentials provider chain in case credentials explicitly specified on the command line are incorrect or absent (rather than complaining about an incorrect parameter), which is at least a bit counterintuitive I think.

Jeremy Roelfs January 29, 2018

That does not work either. I think this is working

$AWS_ACCESS_KEY_ID="${bamboo.AWSAccessKeyId}"
$AWS_SECRET_ACCESS_KEY="${bamboo.AWSSecretKeyPassword}"
$AWS_DEFAULT_REGION="us-east-1"

Jeremy Roelfs January 30, 2018

NOPE. The above doesn't work either. Set-AWSCredentials doesn't work... how the do you set the fricken credentials? Seems like a pretty basic, straightforward and common thing? Are we restricted to using a .ps1 file or a cmd?

Jeremy Roelfs January 30, 2018

I can get the key/secret key in the script. You can Write-Host and they show up. I just cannot set the AWS variables so my commands will work

Steffen Opel _Utoolity_
Community Leader
February 26, 2018

@Jeremy Roelfs - We have analyzed this oddity further and identified the syntax error in our documentation, namely the missing 'Env:' prefix before the environment variables. This means that the right hand side of your initial attempt combined with the left hand side of our example finally yields a working solution for your AWS CLI scenario ;)

I've also added some additional caveats to be aware of when debugging these topics (with the odd PowerShell credentials provider chain fallback also causing our respectively ill composed unit test to succeed rather than fail, because it used the credentials from the elastic agent's EC2 instance profile rather than those never resolved variables ...).

Jeremy Roelfs February 27, 2018

Great! Thank you guys for following up! Appreciate it!
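
The approach this thread converges on for the AWS CLI, written out as an added example (not code from any poster or from Utoolity's documentation). It assumes the plan variables `AWSAccessKeyId` and `AWSSecretKeyPassword` from the question; the session-token variable name `bamboo_AWSSessionTokenPassword` is hypothetical. It fails closed and disables instance-metadata lookups so the CLI cannot silently fall back to an elastic agent's instance profile, the fallback described in the caveats above.

```powershell
# Added example for an inline PowerShell Script task; not from the thread.
# Assumes Bamboo plan variables AWSAccessKeyId and AWSSecretKeyPassword,
# which Bamboo exposes to the script as bamboo_* environment variables.
$ErrorActionPreference = 'Stop'

function Get-RequiredEnv([string]$Name) {
    $value = [Environment]::GetEnvironmentVariable($Name)
    if ([string]::IsNullOrWhiteSpace($value)) {
        # Fail closed: an empty value would let the CLI silently use another
        # credentials source further down its provider chain.
        throw "Required variable '$Name' is not set for this task."
    }
    return $value
}

$awsVars = 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN',
           'AWS_DEFAULT_REGION', 'AWS_EC2_METADATA_DISABLED'
try {
    # "$Env:NAME = ..." sets a process environment variable that aws.exe inherits.
    # "$NAME = ..." only creates a PowerShell variable the CLI never sees.
    $Env:AWS_ACCESS_KEY_ID     = Get-RequiredEnv 'bamboo_AWSAccessKeyId'
    $Env:AWS_SECRET_ACCESS_KEY = Get-RequiredEnv 'bamboo_AWSSecretKeyPassword'
    $Env:AWS_DEFAULT_REGION    = 'us-east-1'

    # Optional temporary credentials; the variable name is hypothetical.
    # Assigning $null removes a stale token left in the process environment.
    $Env:AWS_SESSION_TOKEN = $Env:bamboo_AWSSessionTokenPassword

    # Keep the CLI from falling back to the agent's EC2 instance profile.
    $Env:AWS_EC2_METADATA_DISABLED = 'true'

    # Log who the CLI authenticated as (an ARN, never the key material).
    $arn = aws sts get-caller-identity --query Arn --output text
    if ($LASTEXITCODE -ne 0) { throw 'aws sts get-caller-identity failed.' }
    Write-Host "AWS CLI is running as: $arn"

    # ... the task's real AWS CLI commands go here ...
}
finally {
    # Do not leave credentials in the environment for later steps.
    foreach ($name in $awsVars) { Remove-Item "Env:$name" -ErrorAction SilentlyContinue }
}
```

Checking the logged ARN against the IAM user or role the keys belong to confirms which credentials source the CLI actually used.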

0 votes
Tanishka March 21, 2020

You can set it by:

 

#1. How to configure AWS CLI

➜ ~ aws configure
AWS Access Key ID [****************xxxxx]: XXXXXXXXXXXXXX
AWS Secret Access Key [****************xxxxx]: XXXXXXXXXXXXXXXXXXXXXXX
Default region name [us-east-1]:
Default output format [json]:

For details check this https://thedbadmin.com/aws-mysql-rds-database-creation-using-awscli/ 

0 votes
Alexey Chystoprudov
Atlassian Team
January 24, 2018

@Jeremy Roelfs, when you see the output or logs of a Script task exception, Bamboo will show what environment variables are available for the script. Most likely you should use the ${bamboo_AWSAccessKeyId} variable name, not the $Env: form.

Jeremy Roelfs January 24, 2018

I never could get it working in PowerShell. Not sure what I'm doing wrong. So I switched to an inline cmd. It took some work getting my commands switched to a cmd, but I can set the variables just fine now:

@echo off
SET AWS_ACCESS_KEY_ID=${bamboo.AWSAccessKeyId}
SET AWS_SECRET_ACCESS_KEY=${bamboo.AWSSecretKeyPassword}
SET AWS_DEFAULT_REGION=us-east-1

Jeremy Roelfs January 25, 2018

@Alexey Chystoprudov We have to use PowerShell, so I'm back again... can you please just give me an example?

is it SET AWS_ACCESS_KEY_ID=${bamboo_AWSAccessKeyId}

This is how you set it in PowerShell: $env:AWS_ACCESS_KEY_ID=<key here>

But this: $env:AWS_ACCESS_KEY_ID=${bamboo_AWSAccessKeyId} does not work in the Script Task.

The error I receive is "A positional parameter cannot be found that accepts argument" Real descriptive...

What is it exactly? Can you give me a full example please?

Alexey Chystoprudov
Atlassian Team
January 25, 2018

@Jeremy Roelfs, I'm not familiar with PowerShell scripts

Shao Cai July 10, 2019

@Jeremy Roelfs Hi Jeremy, just want to check with you about your findings using Bamboo for AWS deployment. Did you use the temporary AWS credentials for TASK for AWS?

I am currently exploring if we can use BAMBOO and TASK for AWS to fulfill AWS deployment, and I am facing similar challenges.

My first step is to inject temporary AWS credentials (access key ID, secret access key and security token), then use features offered by TASKS for AWS to manage the AWS environment.

If I am lucky with the first step, then I will explore an automatic way to get temporary AWS credentials via ADFS ID verification and SAML 2.0 federation STS, which might require customization. As @Steffen Opel _Utoolity_ mentioned in another thread, such SAML 2.0 federation is not currently supported by TASKS for AWS.

After reading the documentation of TASKS for AWS, I like that the tool offers lots of AWS operation functions and cannot wait to explore more.

Hope you can share any of your thoughts on how to integrate AWS temporary credentials with TASKS for AWS, much appreciated.

Thanks

Shao

  
