Octopus Deploy to AWS connection

I would like to understand the capabilities of Octopus Deploy to connect to AWS. My current understanding is that there are 2 main ways to connect to AWS.

#1. Log in as a user to the account and, during the deployment step, assume a role.
#2. Create an EC2 instance on AWS with the needed role and, for deployment, run AWS commands via that EC2 instance.

I was wondering if there is STS support for Octopus Deploy → AWS.

Link: AWS Security Token Service API Reference

If there is no support yet, does anyone know if it is something that is on a roadmap?

Thank you

Hey @kshatalov, thanks for reaching out!

Can you tell me a little more about your AWS use case? You’re correct - the current methods in Octopus allow for setting the access key and authenticating with an account that way, or using an IAM role with an EC2 instance (either the Octopus server or the worker).

Can you tell me more about the use case where you’d prefer to use STS instead of the other methods? Since it requires reaching out to the AWS API, you could always create a custom script step that can get the authentication token. Unfortunately, we don’t currently have anything on our roadmap around AWS authentication, but happy to learn more about the use cases not currently served in our current approach!
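The custom script step suggested above, sketched as an added example (not from the original posts and not Octopus's own code): a worker whose EC2 instance role is allowed to assume a deployment role calls STS AssumeRole and receives short-lived credentials, so no IAM user or stored access key is involved. The names `session_name_for`, `assume_role_env` and `StubSts`, and the role ARN, are assumptions; on a real worker `boto3.client("sts")` would take the place of the stub.

```python
import re
from datetime import datetime, timedelta, timezone

MIN_TTL, MAX_TTL = 900, 43200  # AssumeRole DurationSeconds bounds, in seconds

def session_name_for(project, release):
    """Build a RoleSessionName that ties CloudTrail entries to a deployment."""
    raw = f"octopus-{project}-{release}"
    # STS allows only [\w+=,.@-] and at most 64 characters in a session name.
    return re.sub(r"[^\w+=,.@-]", "_", raw, flags=re.ASCII)[:64]

def assume_role_env(sts, role_arn, session_name, ttl=MIN_TTL, now=None):
    """Return environment variables carrying temporary credentials."""
    if not MIN_TTL <= ttl <= MAX_TTL:
        raise ValueError("DurationSeconds must be between 900 and 43200")
    resp = sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name,
                           DurationSeconds=ttl)
    creds = resp["Credentials"]
    now = now or datetime.now(timezone.utc)
    if creds["Expiration"] <= now:  # refuse to hand stale credentials onward
        raise RuntimeError("temporary credentials are already expired")
    return {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
        "AWS_SESSION_TOKEN": creds["SessionToken"],
    }

class StubSts:
    """Constructed stand-in for boto3.client("sts") so this runs offline."""
    def __init__(self, now):
        self.now, self.calls = now, []

    def assume_role(self, **kwargs):
        self.calls.append(kwargs)
        return {"Credentials": {
            "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",   # constructed value
            "SecretAccessKey": "constructed-secret",  # constructed value
            "SessionToken": "constructed-token",      # constructed value
            "Expiration": self.now + timedelta(seconds=kwargs["DurationSeconds"]),
        }}

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    role = "arn:aws:iam::111122223333:role/deploy-example"  # placeholder ARN
    env = assume_role_env(StubSts(t0), role,
                          session_name_for("Web App", "1.2.3"), now=t0)
    print(sorted(env))  # names only; never print the secret values
```

The session name becomes part of the assumed-role ARN recorded in CloudTrail, which is why it is derived from the project and release rather than left generic.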

Thank you for the feedback.

My organization, for security reasons, has no users on AWS accounts, and all interactions are done via STS and SSO. It looks like method #1 is out the window. #2 will probably work.

I just wanted to know if there were any other options. Again, thank you for your feedback.
