- 最新
- 投票最多
- 评论最多
AWS IAM Identity Center (formerly known as AWS Single Sign-On) is designed for user access, not programs. While you can use it via CLI (aws sso), it still expects the presence of a user that can log in via a browser prompt and provide a verification code if required.
In your scenario, where an application (Jenkins) is running outside of AWS, the regular way is to use an IAM User with long-lived credentials (access key, secret access key). An even better way though, and also because you indicated not wanting to use an IAM User, is using IAM Roles Anywhere instead. That way, you won't need an IAM User and can benefit from short-term credentials. Be aware though that the setup process is slightly more complex as compared to an IAM User.
The setup of "IAM Roles Anywhere" is explained in this blog post in detail. It doesn't explain usage specific to Jenkins, but the concept and solution is generic enough that you should be able to apply it to your build pipeline.
相关内容
AWS 官方已更新 3 年前- AWS 官方已更新 3 年前
- AWS 官方已更新 1 年前
