堆栈内存溢出
  简体   繁体   English

如何使用 Jenkins 的 AWS 角色部署 CDK?

[英]How to deploy CDK with AWS role from Jenkins?

 原文  2020-01-16 08:39:28       amazon-web-services/ jenkins/ amazon-cloudformation/ aws-cdk

问题描述

Hi I have created CDK project with jenkins.嗨,我已经用 jenkins 创建了 CDK 项目。 I want to deploy with role.我想使用角色进行部署。 For example cdk deploy with role.例如带有角色的 cdk 部署。 For example In cloudformation I was doing like below.例如在 cloudformation 我正在做如下。

cfn_manage deploy-stack \
  --stack-name "$CFN_CDK_STACK" \
  --template-file "cloudformation/templates/cdk.yml" \
  --parameters-file "$PARAMS_FILE" \
  --role-name infra-cfnrole-location-nonprivileged

Now I have CDK project as below.现在我有如下 CDK 项目。

checkout scm
              withCredentials([[$class: 'AmazonWebServicesCredentialsBinding',credentialsId: "${env.PROJECT_ID}-aws-${CFN_ENVIRONMENT}"]]) {
                abc = docker.build('cdkimage', "--build-arg http_proxy=${env.http_proxy} --build-arg https_proxy=${env.https_proxy} .")
                abc.inside{
                sh 'ls -la'
                sh "bash ./scripts/build.sh"
              }

Then inside build.sh然后在 build.sh 里面

NONPRIV_ROLE_NAME='infra-cfnrole-location-nonprivileged'
aws sts assume-role --role-arn 'arn:aws:iam::id:role/infra-cfnrole-location-nonprivileged' --role-session-name jenkins --query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text
cdk synth
cdk deploy

This is throwing error这是抛出错误

An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::id:user/infra-prjauth-location is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::187628286232:role/infra-cfnrole-location-nonprivileged

For the role cfnrole-location-nonprivileged in trusted relationships I have below policy对于受信任关系中的角色 cfnrole-location-nonprivileged 我有以下策略

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudformation.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Can someone help me to deploy with role?有人可以帮我部署角色吗? Any help would be appreciated.任何帮助,将不胜感激。 Thanks谢谢

1 个解决方案

解决方案1
 0  2020-01-16 09:10:20

I think the issue is that you haven't specifically trusted your IAM User in the IAM Role's trusted relationships.我认为问题在于您在 IAM 角色的信任关系中没有特别信任您的 IAM 用户。

Assuming that this role has the correct permissions needed for a CDK deploy (see here for more info on that), you need to allow your IAM user to access the role, not cloudformation .假设此角色具有 CDK 部署所需的正确权限(有关更多信息,请参见此处),您需要允许您的 IAM 用户访问该角色,而不是 cloudformation Cloudformation already has access to your account resources. Cloudformation 已经可以访问您的帐户资源。

I think this version of the trusted relationships policy should do the trick:我认为这个版本的信任关系策略应该可以解决问题:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": "<full ARN of the relevant user>",
      "Action": "sts:AssumeRole"
    }
  ]
}

Let me know if it works!让我知道它是否有效!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS CDK 使用角色部署 - AWS CDK deploy using role 如何在 cdk deploy 命令中使用 aws 角色 arn - How to use aws role arn in cdk deploy command AWS CDK:如何将资源部署到不同的账户? - AWS CDK: how to deploy resources to different accounts? 如何将 AWS CDK 堆栈部署到多个账户? - How to deploy AWS CDK stacks to multiple accounts? 如何多次部署 AWS CDK 应用程序? - How to deploy AWS CDK app multiple times? 如何使用 CDK 部署 aws EventBridge - Python 示例 - How to deploy aws EventBridge with CDK - Python example 如何使用 CDK、sagemaker 部署 AWS? - How to deploy AWS using CDK, sagemaker? 如何在 AWS-CDK 应用程序中形成没有 cdk synt 和 cdk deploy 的云形成模板? - How to form cloud formation template without cdk synt and cdk deploy in AWS-CDK app? 如何在部署期间使用非 AWS 资源扩展 AWS CDK - How to extend AWS CDK with non AWS Resources during deploy 如何使用jenkins进行构建并在AWS上部署? - How to build with jenkins and deploy on aws?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM