By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS SSO offline mode - Integrate Jenkins with AWS CodeCommit

0

Hello, I am using the AWS IAM (Identity Center - SSO) concept to log into AWS Accounts, integrated with AAD (Using SAML and SCIM protocols). A specific account was created under the AWS Cloud Tower for the AWS CodeCommit, to be used by the developer. I have Jenkins installed at my data center, I need to use Jenkins to deploy code to my local servers (Data Center) by getting the code from AWS CodeCommit (Pulling the code from the AWS CodeCommit). The challenge is: How Jenkins can SSO to AWS? especially as AWS SSO used users' action (Click allow), or (Fill the verification code). Any Idea about using AWS SSO in offline mode to avoid user actions for the Jenkins server?

I don't need to use (IAM) user. I don't need to build a new Jenkins server AWS. Thanks!

Topics
Developer ToolsSecurity, Identity, & ComplianceManagement & Governance
Tags
AWS CodeCommitSecurity, Identity, & ComplianceAWS Identity and Access ManagementAWS IAM Identity CenterAWS Account Management
Language
English
rePost-User-2140084
asked 7 months ago359 views
1 Answer
0

AWS IAM Identity Center (formerly known as AWS Single Sign-On) is designed for user access, not programs. While you can use it via CLI (aws sso), it still expects the presence of a user that can log in via a browser prompt and provide a verification code if required.

In your scenario, where an application (Jenkins) is running outside of AWS, the regular way is to use an IAM User with long-lived credentials (access key, secret access key). An even better way though, and also because you indicated not wanting to use an IAM User, is using IAM Roles Anywhere instead. That way, you won't need an IAM User and can benefit from short-term credentials. Be aware though that the setup process is slightly more complex as compared to an IAM User.

The setup of "IAM Roles Anywhere" is explained in this blog post in detail. It doesn't explain usage specific to Jenkins, but the concept and solution is generic enough that you should be able to apply it to your build pipeline.

profile pictureAWS
Daniel
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content