pipeline-aws-plugin icon indicating copy to clipboard operation
pipeline-aws-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

withaws runs with PrincipalID as requester email or admin

Open basilboonk opened this issue 5 years ago • 0 comments

Description

Can we change the withAWS assume role ID to the username of the person who ran the jenkins job. Is there is an option available already ?

Steps to Reproduce

  1. run pipeline job with : withAWS(region: 'region', role:'role-name', roleAccount:"accountID")
  2. the log shows as follows: [Pipeline] withAWS Setting AWS region <region> Requesting assume roleAssumed role arn:aws:sts::<AccountID>:assumed-role/role/Jenkins-job-name-6 with id ERFFXODUDDRRFKMTI52XQD:Jenkins-job-name-6 [Pipeline] { [Pipeline] sh

Expected behavior: [What you expected to happen] When we check the AWS cloudtrail (for eg: CFT deployment) the trail should show username of the user who ran the jenkins job using withAWS

Actual behavior: [What actually happened] the trail shows username as "Jenkins-job-name-6"

Environment

Jenkins-Version: 2.176.1

Plugin-Version: 1.38

Master/Slave Setup: The job is running on a custom docker image on a CoreOS slave (with EC2 builder plugin)

basilboonk avatar Jul 19 '19 12:07 basilboonk