Configurable AWS_SESSION_TOKEN env variable #90
Description
Dependencies
None
Feature Request
Our cloud strategy is setup so that each deploy environment is its own AWS account. To provide feedback quickly to our users, we run cloud formation diffs in parallel for each AWS account. This normally works as expected, however we sometimes run into a race condition where the session token is overriden by another task in parallel execution. This results in a security token error from AWS.
I'd like to propose a feature that allows the AWS_SESSION_TOKEN environment variable to be configurable. Using this plugin in conjunction with withEnv, we can ensure that each task in parallel execution is using the correct AWS session.
Example:
node('build') {
def tasks = [:]
tasks['1'] = {
withCredentials([[
$class: 'AmazonWebServicesCredentialsBinding',
accessKeyVariable: 'AWS_ACCESS_KEY_ID_DEV',
credentialsId: 'dev-account',
secretKeyVariable: 'AWS_SECRET_ACCESS_KEY_DEV',
sessionTokenVaribale: 'AWS_SESSION_TOKEN_DEV']]
) {
withEnv([
'AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID_DEV',
'AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY_DEV',
'AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN_DEV'
]) {
//code
}
}
}
tasks['2'] = {
withCredentials([[
$class: 'AmazonWebServicesCredentialsBinding',
accessKeyVariable: 'AWS_ACCESS_KEY_ID_TEST',
credentialsId: 'test-account',
secretKeyVariable: 'AWS_SECRET_ACCESS_KEY_TEST',
sessionTokenVaribale: 'AWS_SESSION_TOKEN_TEST']]
) {
withEnv([
'AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID_TEST',
'AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY_TEST',
'AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN_TEST'
]) {
//code
}
}
}
parallel tasks
}