Child pages
  • CloudBees AWS Credentials Plugin

Due to some maintenance issues, this service has been switched in read-only mode, you can find more information about the why

and how to migrate your plugin documentation in this blogpost

Skip to end of metadata
Go to start of metadata

Plugin Information

View CloudBees AWS Credentials on the plugin site for more information.

Allows storing Amazon IAM credentials within the Jenkins Credentials API.

Store Amazon IAM access keys (AWSAccessKeyId and AWSSecretKey) within the Jenkins Credentials API.

Also support IAM Roles and IAM MFA Token.

Changelog

Version 1.28 (Sep 2nd, 2019)

Version 1.27 (May 14th, 2019)

Version 1.26 (Feb 25th, 2019)

  • PR#48: Configurable Session Token Duration.
  • PR#51: Define default region for STS actions to fix regression introduced in 1.24

Version 1.25 (Feb 24th, 2019)

  • PR#50: [JENKINS-53101] Add Declarative credentials handler for AWS creds.

Version 1.24 (Nov 18th, 2018)

  • PR#46: Use the default provider chain from the AWS SDK.

Version 1.23 (Sept 28th, 2017)

  • PR#33
    • Bump to Java 7 as minimum requirement
    • Bump to 1.625.1 as minimum Jenkins version
    • Update credentials plugin dependency to version 2.1.6

Version 1.22 (Aug 30th, 2017)

  • "Assume Role" support improvements

Version 1.21 (Jun 15th, 2017)

  • Fix backward compatibility issue introduced by v1.17

Version 1.20 (Jun 3rd, 2017)

  • JENKINS-41967: Fix backward compatibility issue introduced by v1.17

Version 1.19 (Jan 23, 2017)

  • Fix backward compatibility issue introduced by v1.17

Version 1.18 (Jan 23, 2017)

  • Expose method through interface for getting credentials with MFA token passed in

Version 1.17 (Jan 13th, 2017)

  • Add support for assuming IAM roles (PR #12)

Version 1.16 (Jul 1st, 2016)

  • No labels

7 Comments

  1. Unknown User (harshimoo)

    Hi

    I'm getting the following exception when I try to push a docker image to ecr using docker publish plugin. I am using aws creds. I installed the aws cli on the slave and I can push images from the slave but not through jenkins.
    com.amazonaws.AmazonClientException: Unable to execute HTTP request: Connect to ecr.us-east-1.amazonaws.com:443 ecr.us-east-1.amazonaws.com/54.239.21.237 failed: connect timed out
    at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:747)
    at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:489)
    at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:448)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:397)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:378)
    at com.amazonaws.services.ecr.AmazonECRClient.doInvoke(AmazonECRClient.java:1170)
    at com.amazonaws.services.ecr.AmazonECRClient.invoke(AmazonECRClient.java:1146)
    at com.amazonaws.services.ecr.AmazonECRClient.getAuthorizationToken(AmazonECRClient.java:729)
    at com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential.getPassword(AmazonECSRegistryCredential.java:92)
    at com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryTokenSource.convert(AmazonECSRegistryTokenSource.java:48)
    at com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryTokenSource.convert(AmazonECSRegistryTokenSource.java:38)
    at jenkins.authentication.tokens.api.AuthenticationTokens.convert(AuthenticationTokens.java:148)
    at jenkins.authentication.tokens.api.AuthenticationTokens.convert(AuthenticationTokens.java:110)
    at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.getToken(DockerRegistryEndpoint.java:182)
    at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.newKeyMaterialFactory(DockerRegistryEndpoint.java:215)
    at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.newKeyMaterialFactory(DockerRegistryEndpoint.java:204)
    at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.newKeyMaterialFactory(DockerRegistryEndpoint.java:196)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.executeCmd(DockerBuilder.java:458)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.executeCmd(DockerBuilder.java:434)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.buildAndTag(DockerBuilder.java:376)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.exec(DockerBuilder.java:311)
    at com.cloudbees.dockerpublish.DockerBuilder$Perform.access$100(DockerBuilder.java:291)
    at com.cloudbees.dockerpublish.DockerBuilder.perform(DockerBuilder.java:262)
    at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
    at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:782)
    at hudson.model.Build$BuildExecution.build(Build.java:205)
    at hudson.model.Build$BuildExecution.doRun(Build.java:162)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
    at hudson.model.Run.execute(Run.java:1738)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:410)

  2. Unknown User (munishm)

    I am getting error on saving my job. Job uses aws binding credentials:

    org.kohsuke.stapler.WrongTypeException: Got type array but no lister class found for type class java.lang.String
    ...
    Caused: java.lang.IllegalArgumentException: Failed to convert the credentialsId parameter of the constructor public com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding(java.lang.String,java.lang.String,java.lang.String)
    ....
    Caused: java.lang.IllegalArgumentException: Failed to instantiate class com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding from {"accessKeyVariable":"AWS_ACCESS_KEY_ID","secretKeyVariable":"AWS_SECRET_ACCESS_KEY","credentialsId":["661501ac-9aa3-4402-9a11-54eef1fc0e7a",""],"stapler-class":"com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding","$class":"com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding"}
    ....
    Caused: java.lang.Error: Failed to instantiate class com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding from {"accessKeyVariable":"AWS_ACCESS_KEY_ID","secretKeyVariable":"AWS_SECRET_ACCESS_KEY","credentialsId":["661501ac-9aa3-4402-9a11-54eef1fc0e7a",""],"stapler-class":"com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding","$class":"com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding"}
    ...
    Caused: javax.servlet.ServletException
    ....

    Error screenshot in attachment.

    I have observed that the Credentials section of job changes to CredentialsID. When i created it for the first time it had Credentials Description.
    Has anyone faces issue like this before? This is bugging in for few hours by now.
    What is the fix for this.

    1. Unknown User (dbmcgrew)

      One of our users encountered the same error. Removing the binding of the environment variables to the keypair made the error go away.

  3. Unknown User (dhoer)

    How do you use this with declarative jenkinsfile?  

    1. Unknown User (jholland)

      Ha, just asking myself the same question right now!

      I think it's a case of creating the credential and then accessing it like it shows here: https://jenkins.io/doc/book/pipeline/syntax/#environment

      Or at least that's what I'm going to try right now.

      -Joe

  4. Unknown User (dhoer)

    Use withCredentials with declarative:

    withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: 'AWS_ID']]) {
    sh 'aws s3api list-buckets --query "Buckets[].Name"'
    }

     

  5. Unknown User (purezero)

    I am confused, does this plugin support MFA or not? According to the wiki it does but this issue seems to differ https://github.com/jenkinsci/aws-credentials-plugin/issues/16