You want to use AWS credentials securely from AWS unaware tasks, or you encounter a limitation or bug within Utoolity's AWS related Bamboo apps and are in need of a workaround:
Step-by-step guide
As of Identity Federation for AWS 2.2 (bundled free of charge with Tasks for AWS (Bamboo) and Automation with AWS (Bamboo)), you can use the AWS Credentials Variables task to ease using the AWS Command Line Interface (AWS CLI) in turn, which is a unified tool to manage [almost all current and future] AWS services.
Configure the AWS Credentials Variables task with the same AWS credentials source you would use for a dedicated task - this makes the resulting temporary AWS security credentials available as Bamboo variables.
Inject these AWS credentials variables as environment variables into a subsequent Bamboo Script task, for example:
Bash/Unix shell
Code Block language bash export AWS_ACCESS_KEY_ID=$bamboo_custom_aws_accessKeyId export AWS_SECRET_ACCESS_KEY=$bamboo_custom_aws_secretAccessKey_password export AWS_SESSION_TOKEN=$bamboo_custom_aws_sessionToken_passwordPowerShell
Code Block language powershell $AWS_ACCESS_KEY_ID = $Env:bamboo_custom_aws_accessKeyId $AWS_SECRET_ACCESS_KEY = $Env:bamboo_custom_aws_secretAccessKey_password $AWS_SESSION_TOKEN = $Env:bamboo_custom_aws_sessionToken_password
The expected environment variable names are significant so that they will be automatically picked up by the AWS CLI.Refer to the AWS CLI reference to determine the relevant commands for your use case, for example, use describe-stacks to retrieve details for the
myteststackstack:Code Block language bash aws --region ap-southeast-2 cloudformation describe-stacks --stack-name myteststackThis might return a result like the following:
Code Block language js { "Stacks": [ { "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/myteststack/466df9e0-0dff-08e3-8e2f-5088487c4896", "Description": "AWS CloudFormation Sample Template S3_Bucket: Sample template showing how to create a publicly accessible S3 bucket. **WARNING** This template creates an S3 bucket. You will be billed for the AWS resources used if you create a stack from this template.", "Tags": [], "Outputs": [ { "Description": "Name of S3 bucket to hold website content", "OutputKey": "BucketName", "OutputValue": "myteststack-s3bucket-jssofi1zie2w" } ], "StackStatusReason": null, "CreationTime": "2013-08-23T01:02:15.422Z", "Capabilities": [], "StackName": "myteststack", "StackStatus": "CREATE_COMPLETE", "DisableRollback": false } ] }(Optional) Post process the AWS CLI output to extract values relevant to your use case:
- JSON post processing
There are two main options to post process the AWS CLI's output:
The AWS CLI offers native control the command output in various ways, notably including an option to filter the default JSON output by means of the
--queryoption.If aforementioned
--queryoptions turns out to be limiting still for your use case, or you are more comfortable with using a dedicated tool, the lightweight and flexible command-line JSON processor jq provides even more powerful options to slice and filter and map and transform structured data with the same ease thatsed,awk,grepand friends let you play with text.
Related articles
| Filter by label (Content by label) | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Page Properties | ||
|---|---|---|
| ||
|