Aws Connection
Stores information and configuration for the access to Amazon Web Services.
Example. Adds a new Connection that allows TeamCity to store and manage AWS Credentials (IAM User Access Key). When using Session Credentials, a new temporary Access Key will be generated each time this connection is used.
project {
// Other Project settings ...
features {
// Other Project Features ...
awsConnection {
id = "AwsIamUser"
name = "AWS IAM User"
regionName = "eu-central-1"
credentialsType = static {
accessKeyId = "keyId"
secretAccessKey = "Link to credentialsJSON property containing AWS secret access key"
useSessionCredentials = true
}
stsEndpoint = "https://sts.eu-central-1.amazonaws.com"
}
Content copied to clipboard }
}
Example. Adds a new Connection that allows TeamCity to store and manage AWS Credentials (IAM User Access Key). This connection can be used by subprojects.
project {
// Other Project settings ...
features {
// Other Project Features ...
awsConnection {
id = "AwsIamUser"
name = "AWS IAM User"
regionName = "eu-central-1"
credentialsType = static {
accessKeyId = "keyId"
secretAccessKey = "Link to credentialsJSON property containing AWS secret access key"
}
allowInSubProjects = true
}
Content copied to clipboard }
}
Example. Adds a new Connection that allows TeamCity to store and manage AWS Credentials (IAM User Access Key). This connection can be used in build steps.
project {
// Other Project settings ...
features {
// Other Project Features ...
awsConnection {
id = "AwsIamUser"
name = "AWS IAM User"
regionName = "eu-central-1"
credentialsType = static {
accessKeyId = "keyId"
secretAccessKey = "Link to credentialsJSON property containing AWS secret access key"
}
allowInBuilds = true
}
Content copied to clipboard }
}
Example. Adds a new Connection that allows TeamCity to assume an AWS IAM Role using another AWS Connection.
project {
// Other Project settings ...
features {
// Other Project Features ...
awsConnection {
id = "AwsIamRole"
name = "AWS IAM Role"
regionName = "eu-central-1"
credentialsType = iamRole {
roleArn = "arn:aws:iam::account:role/role-name-with-path"
sessionName = "TeamCity-session-identifier"
awsConnectionId = "AwsIamUser"
}
stsEndpoint = "https://sts.eu-central-1.amazonaws.com"
}
Content copied to clipboard }
}
Example. Adds a new Connection that allows TeamCity to look for credentials in the default locations on the TeamCity server machine using the Default Credentials Provider Chain.
project {
// Other Project settings ...
features {
// Other Project Features ...
awsConnection {
id = "AwsDefaultCredsProviderChain"
name = "AWS Default Creds Provider Chain"
regionName = "eu-central-1"
stsEndpoint = "https://sts.eu-central-1.amazonaws.com"
credentialsType = default()
}
Content copied to clipboard }
}
See also
Properties
Whether build steps can utilize the connection or not
Whether sub-projects can utilize the connection or not
The way how to obtain credentials (just provide the keys, assume IAM role or other)
Custom identifier for this AWS Connection
Region where this connection will be used.
Endpoint from where to obtain session credentials
Functions
Copies parameters of this object to the specified target
Creates an instance of this project feature via reflection using a no argument constructor, used during copying. Throws an error if this class doesn't have a default constructor. Subclasses can override it to create an instance without using a default constructor.
Looks for credentials in this order: Env Vars - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY Java System Properties - aws.accessKeyId and aws.secretKey Web Identity Token credentials from the environment or container Credential profiles file at the default location (~/.aws/credentials) Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable, Instance profile credentials delivered through the Amazon EC2 metadata service more: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
Uses another (principal) AWS connection to assume an IAM Role with its permissions. Please, note that the principal connection should have rights to assume the role, more: https://docs.aws.amazon.com/workdocs/latest/developerguide/wd-iam-grantdev.html
Validates this object and reports found errors to the provided consumer