How Build Nodes able to access the AWS credentials configured on Head/Server node

Avatar
Jayesh Rajput
Created

Hi All,

I'm curious to know how the build/agent nodes able to communicate with third party services like AWS ECR when running the builds even though we have only configured the AWS credentials on TeamCity Head/Server node and not on TeamCity Build/Agent nodes. I wanted to know how the build/agent nodes able to access the AWS credentials that are configured on TeamCity server node as it's a black box for me. For connection configuration please find the attached screenshot.

Untitled picture.png Machine generated alternative text: Edit Connection Connection Ype: Display name: * Re-gG&y Wpe: AWS region: AWS Security Credentials Credentials type: Open IAM Console IAM role ARN: ID: Default Credential Provider Chain: Target account ID: • Cancel Amazon ECR Amazon ECR (1) Provide some name to distinguish this connection from others. ECR Private US East (N. Virginia) All resources must be located in this region O Access keys use pre-configured AWS account access keys @ Temporary credentials Get temporary access keys via AWS STS arn:aws:iam::406136993343: role/aws-aOOOO- Pre-configured IAM role with necessary permissions Extemal ID strongly recommended to be used in role trust relationship condition 406136993343 AWS account ID to log into (digits only) Test Connection Ink Drawings Ink Drawings Ink Drawings Ink Drawings Ink Drawings

Thanks,
Jayesh

Votes

0

Share

1 comment
Avatar
Tom Sun
Created

Hi Jayesh,

It looks like you are referring to a TeamCity build feature.


The AWS credentials build feature makes AWS connection credentials accessible from within a build on an agent. To use this feature, you need at least one AWS connection configured in your project.

TeamCity provides various build features to supply credentials when a build requires them, such as AWS credentials, Docker support, and Jira Cloud integration, etc...

Best Regards,
Tom

0

Please sign in to leave a comment.