How to run the AWS CLI in a Jenkinsfile
tl;dr:
Add your AWS API keys as Jenkins credentials with the id ‘aws-key’, and use the following:
@Library('github.com/releaseworks/jenkinslib') _
node {
    stage("List S3 buckets") {
        withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'aws-key', usernameVariable: 'AWS_ACCESS_KEY_ID', passwordVariable: 'AWS_SECRET_ACCESS_KEY']]) {
            AWS("--region=eu-west-1 s3 ls")
        }
    }
}
Step by step instructions
When building modern cloud-native architectures, you will often end up needing to run the AWS Command-Line Interface (CLI) in a Jenkinsfile.
The best practice for managing build dependencies in a Jenkinsfile is to use Docker images. Unfortunately, though, AWS has decided not to provide an official AWS CLI image (see https://github.com/aws/aws-cli/issues/3291).
Luckily, Releaseworks has released an open source Docker image with the latest AWS CLI, AND a Jenkins library that makes using it easy.
First, you will need to add your AWS API keys into Jenkins Credentials with the following instructions:
- Open the home page of your Jenkins installation
- Click “Credentials” on the left-hand menu
- Click on “System” -> “Global credentials” and “Add Credentials”
- Select the “Kind” to be “Username and password”
- As the username, enter your AWS Access Key
- As the password, enter your AWS Secret Key
- As the ID, enter “aws-key”
- Finally, save the credentials by clicking OK. Now you’re ready to edit your Jenkinsfile.
At the top of your Jenkinsfile, add the following line:
@Library('github.com/releaseworks/jenkinslib') _
This will load the Releaseworks Jenkins library, which includes the helper function that we will use. Don’t forget to include the trailing underscore!
Within your Jenkinsfile, where you wish to use the AWS CLI, use the following syntax:
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'aws-key', usernameVariable: 'AWS_ACCESS_KEY_ID', passwordVariable: 'AWS_SECRET_ACCESS_KEY']]) {
    AWS("--region=eu-west-1 s3 ls")
}
You can add more AWS() calls as required. Please see the full documentation for the AWS function: https://github.com/releaseworks/jenkinslib#aws
Please note that this approach requires the Docker Pipeline plugin, and a working Docker daemon on your Jenkins server. See how to install Docker: https://docs.docker.com/install/
Note that you should never add sensitive information to your Jenkinsfiles (or to your code repository). Instead, you should use Jenkins Credentials, or ideally an external secrets manager.
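One way to enforce that rule is a small pre-commit or CI check that scans Jenkinsfiles for pasted AWS keys. The script below is an added example, not part of the Releaseworks library; the function name, the two patterns and both sample pipelines are constructed for illustration, and the key values are the placeholder keys from the AWS documentation.

```python
import re
import sys

# Access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-character literal assigned to the secret key variable. The variable
# name alone (as in passwordVariable: 'AWS_SECRET_ACCESS_KEY') is not a finding.
SECRET_ASSIGN = re.compile(
    r"AWS_SECRET_ACCESS_KEY\s*=\s*[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")

def scan_jenkinsfile(text):
    """Return (line_no, rule, redacted_value) for each hardcoded AWS credential."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((no, "aws-access-key-id", m.group()[:4] + "..."))
        for m in SECRET_ASSIGN.finditer(line):
            findings.append((no, "aws-secret-access-key", m.group(1)[:4] + "..."))
    return findings

# Constructed sample 1: the pattern from this page (credentials bound by ID).
GOOD = """\
node {
    withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'aws-key', usernameVariable: 'AWS_ACCESS_KEY_ID', passwordVariable: 'AWS_SECRET_ACCESS_KEY']]) {
        AWS("--region=eu-west-1 s3 ls")
    }
}
"""

# Constructed sample 2: keys pasted into the file (AWS documentation placeholders).
BAD = '''\
node {
    withEnv(["AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
             "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]) {
        sh "aws --region=eu-west-1 s3 ls"
    }
}
'''

if __name__ == "__main__":
    # File arguments: scan them, exit 1 on any finding. No arguments: scan the samples.
    if sys.argv[1:]:
        inputs = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]]
    else:
        inputs = [("GOOD", GOOD), ("BAD", BAD)]
    hits = [(name, f) for name, text in inputs for f in scan_jenkinsfile(text)]
    for name, (no, rule, value) in hits:
        print(f"{name}:{no}: {rule} ({value})")
    sys.exit(1 if hits and sys.argv[1:] else 0)
```

Findings are reported with the value truncated to its first four characters, so the check itself does not copy a leaked key into build logs.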
Releaseworks Academy has a free online training course on Docker & Jenkins best practices: https://www.releaseworksacademy.com/courses/best-practices-docker-jenkins