How to provide temporary AWS credentials to the AWS Command Line Interface (AWS CLI) via Bamboo variables
You want to use AWS credentials securely from AWS unaware tasks, or you encounter a limitation or bug within Utoolity's AWS related Bamboo apps and are in need of a workaround:
Step-by-step guide
As of Identity Federation for AWS 2.2 (bundled free of charge with Tasks for AWS (Bamboo) and Automation with AWS (Bamboo)), you can use the AWS Credentials Variables task to ease using the AWS Command Line Interface (AWS CLI) in turn, which is a unified tool to manage [almost all current and future] AWS services.
Configure the AWS Credentials Variables task with the same AWS credentials source you would use for a dedicated task - this makes the resulting temporary AWS security credentials available as Bamboo variables.
Inject these AWS credentials variables as environment variables into a subsequent Bamboo Script task, for example:
Bash/Unix shell
export AWS_ACCESS_KEY_ID=$bamboo_custom_aws_accessKeyId export AWS_SECRET_ACCESS_KEY=$bamboo_custom_aws_secretAccessKey_password export AWS_SESSION_TOKEN=$bamboo_custom_aws_sessionToken_password
PowerShell
$AWS_ACCESS_KEY_ID = $Env:bamboo_custom_aws_accessKeyId $AWS_SECRET_ACCESS_KEY = $Env:bamboo_custom_aws_secretAccessKey_password $AWS_SESSION_TOKEN = $Env:bamboo_custom_aws_sessionToken_password
The expected environment variable names are significant so that they will be automatically picked up by the AWS CLI.Refer to the AWS CLI reference to determine the relevant commands for your use case, for example, use describe-stacks to retrieve details for the
myteststack
stack:aws --region ap-southeast-2 cloudformation describe-stacks --stack-name myteststack
This might return a result like the following:
(Optional) Post process the AWS CLI output to extract values relevant to your use case:
JSON post processing
There are two main options to post process the AWS CLI's output:
The AWS CLI offers native control the command output in various ways, notably including an option to filter the default JSON output by means of the
--query
option.If aforementioned
--query
options turns out to be limiting still for your use case, or you are more comfortable with using a dedicated tool, the lightweight and flexible command-line JSON processor jq provides even more powerful options to slice and filter and map and transform structured data with the same ease thatsed
,awk
,grep
and friends let you play with text.
Related articles
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.