Child pages
  • CloudBees AWS Credentials Plugin
Skip to end of metadata
Go to start of metadata

Plugin Information

View CloudBees Amazon Web Services Credentials on the plugin site for more information.

Allows storing Amazon IAM credentials within the Jenkins Credentials API.

Store Amazon IAM access keys (AWSAccessKeyId and AWSSecretKey) within the Jenkins Credentials API.

Also support IAM Roles and IAM MFA Token.

Changelog

Version 1.23 (Sept 28th, 2017)

  • PR#33
    • Bump to Java 7 as minimum requirement
    • Bump to 1.625.1 as minimum Jenkins version
    • Update credentials plugin dependency to version 2.1.6

Version 1.22 (Aug 30th, 2017)

  • "Assume Role" support improvements

Version 1.21 (Jun 15th, 2017)

  • Fix backward compatibility issue introduced by v1.17

Version 1.20 (Jun 3rd, 2017)

  • JENKINS-41967: Fix backward compatibility issue introduced by v1.17

Version 1.19 (Jan 23, 2017)

  • Fix backward compatibility issue introduced by v1.17

Version 1.18 (Jan 23, 2017)

  • Expose method through interface for getting credentials with MFA token passed in

Version 1.17 (Jan 13th, 2017)

  • Add support for assuming IAM roles (PR #12)

Version 1.16 (Jul 1st, 2016)

7 Comments

  1. Hi

    I'm getting the following exception when I try to push a docker image to ecr using docker publish plugin. I am using aws creds. I installed the aws cli on the slave and I can push images from the slave but not through jenkins.
    com.amazonaws.AmazonClientException: Unable to execute HTTP request: Connect to ecr.us-east-1.amazonaws.com:443 ecr.us-east-1.amazonaws.com/54.239.21.237 failed: connect timed out
    at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:747)
    at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:489)
    at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:448)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:397)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:378)
    at com.amazonaws.services.ecr.AmazonECRClient.doInvoke(AmazonECRClient.java:1170)
    at com.amazonaws.services.ecr.AmazonECRClient.invoke(AmazonECRClient.java:1146)
    at com.amazonaws.services.ecr.AmazonECRClient.getAuthorizationToken(AmazonECRClient.java:729)
    at com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential.getPassword(AmazonECSRegistryCredential.java:92)
    at com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryTokenSource.convert(AmazonECSRegistryTokenSource.java:48)
    at com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryTokenSource.convert(AmazonECSRegistryTokenSource.java:38)
    at jenkins.authentication.tokens.api.AuthenticationTokens.convert(AuthenticationTokens.java:148)
    at jenkins.authentication.tokens.api.AuthenticationTokens.convert(AuthenticationTokens.java:110)
    at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.getToken(DockerRegistryEndpoint.java:182)
    at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.newKeyMaterialFactory(DockerRegistryEndpoint.java:215)
    at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.newKeyMaterialFactory(DockerRegistryEndpoint.java:204)
    at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.newKeyMaterialFactory(DockerRegistryEndpoint.java:196)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.executeCmd(DockerBuilder.java:458)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.executeCmd(DockerBuilder.java:434)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.buildAndTag(DockerBuilder.java:376)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.exec(DockerBuilder.java:311)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.access$100(DockerBuilder.java:291)
    at com.cloudbees.dockerpublish.DockerBuilder.perform(DockerBuilder.java:262)
    at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
    at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:782)
    at hudson.model.Build$BuildExecution.build(Build.java:205)
    at hudson.model.Build$BuildExecution.doRun(Build.java:162)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
    at hudson.model.Run.execute(Run.java:1738)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:410)

  2. I am getting error on saving my job. Job uses aws binding credentials:

    org.kohsuke.stapler.WrongTypeException: Got type array but no lister class found for type class java.lang.String
    ...
    Caused: java.lang.IllegalArgumentException: Failed to convert the credentialsId parameter of the constructor public com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding(java.lang.String,java.lang.String,java.lang.String)
    ....
    Caused: java.lang.IllegalArgumentException: Failed to instantiate class com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding from {"accessKeyVariable":"AWS_ACCESS_KEY_ID","secretKeyVariable":"AWS_SECRET_ACCESS_KEY","credentialsId":["661501ac-9aa3-4402-9a11-54eef1fc0e7a",""],"stapler-class":"com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding","$class":"com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding"}
    ....
    Caused: java.lang.Error: Failed to instantiate class com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding from {"accessKeyVariable":"AWS_ACCESS_KEY_ID","secretKeyVariable":"AWS_SECRET_ACCESS_KEY","credentialsId":["661501ac-9aa3-4402-9a11-54eef1fc0e7a",""],"stapler-class":"com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding","$class":"com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding"}
    ...
    Caused: javax.servlet.ServletException
    ....

    Error screenshot in attachment.

    I have observed that the Credentials section of job changes to CredentialsID. When i created it for the first time it had Credentials Description.
    Has anyone faces issue like this before? This is bugging in for few hours by now.
    What is the fix for this.

    1. One of our users encountered the same error. Removing the binding of the environment variables to the keypair made the error go away.

  3. How do you use this with declarative jenkinsfile?  

    1. Ha, just asking myself the same question right now!

      I think it's a case of creating the credential and then accessing it like it shows here: https://jenkins.io/doc/book/pipeline/syntax/#environment

      Or at least that's what I'm going to try right now.

      -Joe

  4. Use withCredentials with declarative:

    withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: 'AWS_ID']]) {
    sh 'aws s3api list-buckets --query "Buckets[].Name"'
    }

     

  5. I am confused, does this plugin support MFA or not? According to the wiki it does but this issue seems to differ https://github.com/jenkinsci/aws-credentials-plugin/issues/16

Write a comment…