pipeline-aws-plugin icon indicating copy to clipboard operation
pipeline-aws-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

Pipeline-aws-plugin is pulling the latest version of aws-java-sdk:1.12.69 which seems to be breaking aws assumeRole

Open toddatapiture opened this issue 3 years ago • 1 comments

Version report

Jenkins and plugins versions report:

Jenkins version: 2.289.3 - Plugin versions: pipeline-aws:1.0 -> latest
  • What Operating System are you using (both controller, and any agents involved in the problem)?
AWS EC2 Linux/UNIX

Reproduction steps

We believe the plugin is pulling the latest release of aws-java-sdk:1.12.69 (https://plugins.jenkins.io/aws-java-sdk/#releases). This seems to be breaking our current Jenkins pipelines that are using `withAWS`. 
Here is an example:

withAWS(role: "${env.AWS_ENV_ROLE}", roleAccount: "${env.AWS_ENV_ACCOUNT_ID}", region: "${env.AWS_ENV_REGION}") {
 some logic here
}

image image

### Results

Expected result:

Assume AWS Role

Actual result:

 com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/platform-services-eks-nodes-NodeInstanceRole-xxxxxxxxxxxxxxxxxxxx is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxxxxxxxx:role/ApitureInfrastructureServiceRole (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: xxxxxxxxxxxxxxxxxxxxx; Proxy: null)

toddatapiture avatar Sep 29 '21 16:09 toddatapiture