How to provide temporary AWS credentials to the AWS Command Line Interface (AWS CLI) via Bamboo variables

You want to use AWS credentials securely from AWS unaware tasks, or you encounter a limitation or bug within Utoolity's AWS related Bamboo apps and are in need of a workaround:

Step-by-step guide

As of Identity Federation for AWS 2.2 (bundled free of charge with Tasks for AWS (Bamboo) and Automation with AWS (Bamboo)), you can use the AWS Credentials Variables task to ease using the AWS Command Line Interface (AWS CLI) in turn, which is a unified tool to manage [almost all current and future] AWS services.

  1. Configure the AWS Credentials Variables task with the same AWS credentials source you would use for a dedicated task - this makes the resulting temporary AWS security credentials available as Bamboo variables.

  2. Inject these AWS credentials variables as environment variables into a subsequent Bamboo Script task, for example:

    Bash/Unix shell

    export AWS_ACCESS_KEY_ID=$bamboo_custom_aws_accessKeyId export AWS_SECRET_ACCESS_KEY=$bamboo_custom_aws_secretAccessKey_password export AWS_SESSION_TOKEN=$bamboo_custom_aws_sessionToken_password


    $AWS_ACCESS_KEY_ID = $Env:bamboo_custom_aws_accessKeyId $AWS_SECRET_ACCESS_KEY = $Env:bamboo_custom_aws_secretAccessKey_password $AWS_SESSION_TOKEN = $Env:bamboo_custom_aws_sessionToken_password

    The expected environment variable names are significant so that they will be automatically picked up by the AWS CLI.

  3. Refer to the AWS CLI reference to determine the relevant commands for your use case, for example, use describe-stacks to retrieve details for the myteststack stack:

    aws --region ap-southeast-2 cloudformation describe-stacks --stack-name myteststack

    This might return a result like the following:

  4. (Optional) Post process the AWS CLI output to extract values relevant to your use case:


    JSON post processing

    There are two main options to post process the AWS CLI's output:

    1. The AWS CLI offers native control the command output in various ways, notably including an option to filter the default JSON output by means of the --query option.

    2. If aforementioned --query options turns out to be limiting still for your use case, or you are more comfortable with using a dedicated tool, the lightweight and flexible command-line JSON processor jq provides even more powerful options to slice and filter and map and transform structured data with the same ease that sedawkgrep and friends let you play with text.

Atlassian®, Atlassian Bamboo®, Bitbucket®, Atlassian Crowd®, Confluence®, Jira®, Jira Service Management™, Opsgenie®, and Statuspage™ are registered trademarks of Atlassian.
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of, Inc. or its affiliates in the United States and/or other countries.

Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.