You want to use AWS credentials securely from AWS-unaware tasks, or you have encountered a limitation or bug in Utoolity's AWS-related Bamboo apps and need a workaround:

Step-by-step guide

As of Identity Federation for AWS 2.2 (bundled free of charge with Tasks for AWS (Bamboo) and Automation with AWS (Bamboo)), you can use the AWS Credentials Variables task to simplify using the AWS Command Line Interface (AWS CLI), a unified tool to manage [almost all current and future] AWS services.

  1. Configure the AWS Credentials Variables task with the same AWS credentials source you would use for a dedicated task - this makes the resulting temporary AWS security credentials available as Bamboo variables.

  2. Inject these AWS credentials variables as environment variables into a subsequent Bamboo Script task, for example:

    Bash/Unix shell

    # Quote the values so they are passed through unchanged in any POSIX shell
    export AWS_ACCESS_KEY_ID="$bamboo_custom_aws_accessKeyId"
    export AWS_SECRET_ACCESS_KEY="$bamboo_custom_aws_secretAccessKey_password"
    export AWS_SESSION_TOKEN="$bamboo_custom_aws_sessionToken_password"

    PowerShell

    # Assign to $Env: so the values become environment variables visible to the AWS CLI
    $Env:AWS_ACCESS_KEY_ID = $Env:bamboo_custom_aws_accessKeyId
    $Env:AWS_SECRET_ACCESS_KEY = $Env:bamboo_custom_aws_secretAccessKey_password
    $Env:AWS_SESSION_TOKEN = $Env:bamboo_custom_aws_sessionToken_password


    Note: The environment variable names are significant, because the AWS CLI automatically picks up credentials from variables with exactly these names.

  3. Refer to the AWS CLI reference to determine the relevant commands for your use case, for example, use describe-stacks to retrieve details for the myteststack stack:

    aws --region ap-southeast-2 cloudformation describe-stacks --stack-name myteststack

    This might return a result like the following:

    {
        "Stacks":  [
            {
                "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/myteststack/466df9e0-0dff-08e3-8e2f-5088487c4896",
                "Description": "AWS CloudFormation Sample Template S3_Bucket: Sample template showing how to create a publicly accessible S3 bucket. **WARNING** This template creates an S3 bucket. You will be billed for the AWS resources used if you create a stack from this template.",
                "Tags": [],
                "Outputs": [
                    {
                        "Description": "Name of S3 bucket to hold website content",
                        "OutputKey": "BucketName",
                        "OutputValue": "myteststack-s3bucket-jssofi1zie2w"
                    }
                ],
                "StackStatusReason": null,
                "CreationTime": "2013-08-23T01:02:15.422Z",
                "Capabilities": [],
                "StackName": "myteststack",
                "StackStatus": "CREATE_COMPLETE",
                "DisableRollback": false
            }
        ]
    }


  4. (Optional) Post-process the AWS CLI output to extract values relevant to your use case:

    JSON post-processing

    There are two main options to post-process the AWS CLI's output:

    1. The AWS CLI offers native control over the command output in various ways, notably including an option to filter the default JSON output by means of the --query option.

    2. If the aforementioned --query option still turns out to be limiting for your use case, or you are more comfortable with using a dedicated tool, the lightweight and flexible command-line JSON processor jq provides even more powerful options to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text.
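
A hardened variant of the step 2 hand-off for the Bash Script task, as an added example that is not part of the original guide or Utoolity's own code: it fails fast when a credentials variable is missing, keeps `set -x` tracing from echoing the secrets into the build log, and lets you drop the credentials before running AWS-unaware tools. The function names `load_aws_credentials` and `clear_aws_credentials` are hypothetical; the Bamboo variable names are the ones shown in step 2.

```shell
# Export the temporary credentials for the AWS CLI.
# Returns 1 (and exports nothing) if any Bamboo variable is unset or empty.
load_aws_credentials() {
    # Pause xtrace so `set -x` cannot echo the secrets into the build log.
    _xtrace=0
    case $- in *x*) _xtrace=1; set +x ;; esac

    # Temporary credentials are only usable as a complete triple.
    _missing=''
    [ -n "${bamboo_custom_aws_accessKeyId:-}" ] || _missing="$_missing accessKeyId"
    [ -n "${bamboo_custom_aws_secretAccessKey_password:-}" ] || _missing="$_missing secretAccessKey"
    [ -n "${bamboo_custom_aws_sessionToken_password:-}" ] || _missing="$_missing sessionToken"

    if [ -n "$_missing" ]; then
        # Report only the names of the missing variables, never any values.
        echo "AWS credentials variables not set:$_missing" >&2
        _status=1
    else
        export AWS_ACCESS_KEY_ID="$bamboo_custom_aws_accessKeyId"
        export AWS_SECRET_ACCESS_KEY="$bamboo_custom_aws_secretAccessKey_password"
        export AWS_SESSION_TOKEN="$bamboo_custom_aws_sessionToken_password"
        _status=0
    fi

    # Restore tracing if the caller had it enabled.
    if [ "$_xtrace" -eq 1 ]; then set -x; fi
    return "$_status"
}

# Remove the credentials from the environment so that later commands in the
# same script (and their child processes) do not inherit them.
clear_aws_credentials() {
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# Usage inside the Script task (left as comments so the block has no side effects):
#   load_aws_credentials || exit 1
#   aws --region ap-southeast-2 cloudformation describe-stacks \
#       --stack-name myteststack \
#       --query "Stacks[0].Outputs[?OutputKey=='BucketName'].OutputValue" \
#       --output text
#   clear_aws_credentials   # before running tools that do not need AWS access
```
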
