The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Pipeline: AWS Steps

awaitDeploymentCompletion: Wait for AWS CodeDeploy deployment completion

  • deploymentId
    • Type: String

awsIdentity: Print and return the AWS identity

    cfInvalidate: Invalidate given paths in CloudFront distribution

    • distribution
      • Type: String
    • paths
        Array/List
      • Type: String
    • waitForCompletion (optional)
      • Type: boolean

    cfnCreateChangeSet: Create CloudFormation change set

    • changeSet
      • Type: String
    • stack
      • Type: String

    cfnDelete: Delete CloudFormation stack

    Delete Cloudformation Templates

    • stack
      This is the name of the existing Cloudformation template to delete
      • Type: String
    • pollInterval (optional)
      How often to check the status of the delete operation in milliseconds. 0 will disable event printing.
      • Type: long
    • timeoutInMinutes (optional)
      • Type: long

    cfnDeleteStackSet: Delete CloudFormation Stack Set

    • stackSet
      • Type: String
    • pollInterval (optional)
      • Type: long

    cfnDescribe: Describe outputs of CloudFormation stack

    • stack
      • Type: String

    cfnExecuteChangeSet: Execute CloudFormation change set

    • changeSet
      • Type: String
    • stack
      • Type: String
    • pollInterval (optional)
      • Type: long
    • timeoutInMinutes (optional)
      • Type: long
    • timeoutInSeconds (optional)
      • Type: long

    cfnExports: Describe CloudFormation global exports

      cfnUpdate: Create or Update CloudFormation stack

      • stack
        • Type: String

      cfnUpdateStackSet: Create or Update CloudFormation Stack Set

      • stackSet
        • Type: String

      cfnValidate: Validate CloudFormation template

      • file (optional)
        • Type: String
      • url (optional)
        • Type: String

      deployAPI: Deploy the given API Gateway API

      • api
        • Type: String
      • stage
        • Type: String
      • description (optional)
        • Type: String
      • variables (optional)
          Array/List
        • Type: String

      ec2ShareAmi: Share an AMI with other accounts

      • accountIds (optional)
          Array/List
        • Type: String
      • amiId (optional)
        • Type: String

      ecrLogin: Create and return the ECR login string

      • email (optional)
        • Type: boolean

      invokeLambda: Invoke a given Lambda function

      • functionName
        • Type: String

      listAWSAccounts: List all AWS accounts of the organization

        s3Copy: Copy file between S3 buckets

        Copy file between S3 buckets.

        • fromBucket
          This is the bucket of the existing file.
          • Type: String
        • fromPath
          This is the file path in the source bucket. Do not begin with a leading "/".
          • Type: String
        • toBucket
          This is the bucket of the new file.
          • Type: String
        • toPath
          This is the file path in the destination bucket. Do not begin with a leading "/".
          • Type: String
        • pathStyleAccessEnabled (optional)
          Enabled/Disable Path-style Access for AWS S3.
          • Type: boolean
        • payloadSigningEnabled (optional)
          Enabled/Disable Payload Signing for AWS S3.
          • Type: boolean
        • acl (optional)

          Canned ACL to add to the new file.

          • Private : Specifies the owner is granted Full Control. No one else has access rights. This is the default access control policy for any new buckets or objects.
          • PublicRead : Specifies the owner is granted Full Control and to the All Users group grantee is granted Read access.
          • PublicReadWrite: Specifies the owner is granted Full Control and to the All Users group grantee is granted Read and Write access.
          • AuthenticatedRead: Specifies the owner is granted Full Control and to the Authenticated Users group grantee is granted Read access.
          • LogDeliveryWrite: Specifies the owner is granted Full Control and to the Log Delivery group grantee is granted Write access.
          • BucketOwnerRead: Specifies the owner of the bucket, but not necessarily the same as the owner of the object, is granted Read access.
          • BucketOwnerFullControl: Specifies the owner of the bucket, but not necessarily the same as the owner of the object, is granted Full Control.
          • AwsExecRead: Specifies the owner is granted Full Control and Amazon EC2 is granted {@link Permission#Read} access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.

          • Values: Private, PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead, BucketOwnerFullControl, AwsExecRead
        • cacheControl (optional)
          Cache control to add to the HTTP request. Sample : "public,max-age=31536000"
          • Type: String
        • contentType (optional)
          • Type: String
        • kmsId (optional)
          • Type: String
        • metadatas (optional)
          Metadatas to add to the new file. Multiple metadatas must be separated with a ';' and name and value separated by a ':'. Sample : "Content-Type:image/svg+xml;Another:AnotherValue"
            Array/List
          • Type: String
        • sseAlgorithm (optional)
          Server Side Encryption Algorithm to add to the new file. Sample : "AES256"
          • Type: String

        s3Delete: Delete file from S3

        Delete a file/folder from S3. If the path ends in a "/", then the path will be interpreted to be a folder, and all of its contents will be removed.

        • bucket
          This is the bucket to use.
          • Type: String
        • path

          This is the path inside the bucket to delete. If this ends in a "/", then the path will be interpreted to be a folder, and all of its contents will be removed.

          Do not begin with a leading "/".

          • Type: String
        • pathStyleAccessEnabled (optional)
          Enabled/Disable Path-style Access for AWS S3.
          • Type: boolean
        • payloadSigningEnabled (optional)
          Enabled/Disable Payload Signing for AWS S3.
          • Type: boolean

        s3Download: Copy file from S3

        Download a file/folder from S3 to the local workspace. Set optional parameter force to true to overwrite any existing files in workspace. If the path ends with a /, then the complete virtual directory will be downloaded.

        • file
          This is the local target file to download into.
          • Type: String
        • bucket
          This is the bucket to use.
          • Type: String
        • pathStyleAccessEnabled (optional)
          Enabled/Disable Path-style Access for AWS S3.
          • Type: boolean
        • payloadSigningEnabled (optional)
          Enabled/Disable Payload Signing for AWS S3.
          • Type: boolean
        • force (optional)
          Set this to true to overwrite local workspace files.
          • Type: boolean
        • path (optional)
          This is the path inside the bucket to use. Do not begin with a leading "/".
          • Type: String

        s3FindFiles: Find files in S3

        Return a list of all of the files/folders in the bucket. If path is given, then it will be used as the root of the search. Results are returned relative to path; if path is not given, then the results will contain the full S3 path.

        The following all ultimately return one item referring to "path/to/my/file.ext"; however, by limiting the scope via path, the results are different.

        • files = s3FindFiles bucket: "my-bucket", glob: "path/to/my/file.ext"
          // files[0].name = "file.ext"
          // files[0].path = "path/to/my/file.ext"
        • files = s3FindFiles bucket: "my-bucket", path: "path/to/", glob: "my/file.ext"
          // files[0].name = "file.ext"
          // files[0].path = "my/file.ext"
        • files = s3FindFiles bucket: "my-bucket", path: "path/to/my/", glob: "file.ext"
          // files[0].name = "file.ext"
          // files[0].path = "file.ext"

        List every file in the bucket:

        • s3FindFiles bucket: "my-bucket", glob: "**", onlyFiles: true

        The return format is identical to that of the findFiles step. This will return an array of FileWrapper instances with the following properties:

        • name: the filename portion of the path (for "path/to/my/file.ext", this would be "file.ext")
        • path: the full path of the file, relative to the path specified (for path="path/to/", this property of the file "path/to/my/file.ext" would be "my/file.ext")
        • directory: true if this is a directory; false otherwise
        • length: the length of the file (this is always "0" for directories)
        • lastModified: the last modification timestamp, in milliseconds since the Unix epoch (this is always "0" for directories)
        When used in a string context, a FileWrapper object returns the value of its path.

        • bucket
          This is the bucket to use.
          • Type: String
        • pathStyleAccessEnabled (optional)
          Enabled/Disable Path-style Access for AWS S3.
          • Type: boolean
        • payloadSigningEnabled (optional)
          Enabled/Disable Payload Signing for AWS S3.
          • Type: boolean
        • glob (optional)

          This is the glob to use to match files/folders. You may use a full file name/path (for example "path/to/file.ext"), but you may also use a glob (for example, "path/t*/file.*").

          If left blank, this will perform the equivalent function of "*".

          To list absolutely everything, use "**".

          • Type: String
        • onlyFiles (optional)
          Set this to true to only return actual files. Otherwise, by default, this will return both files and folders.
          • Type: boolean
        • path (optional)
          This is the path inside the bucket to use as the root of the search. Do not begin with a leading "/".
          • Type: String

        s3PresignURL: Presign file in S3

        • bucket
          • Type: String
        • key
          • Type: String
        • httpMethod
          • Type: String
        • durationInSeconds
          • Type: int
        • pathStyleAccessEnabled (optional)
          • Type: boolean
        • payloadSigningEnabled (optional)
          • Type: boolean

        s3Upload: Copy file to S3

        Upload a file/folder from the workspace to an S3 bucket. If the file parameter denotes a directory, then the complete directory (including all subfolders) will be uploaded.

        • bucket
          This is the bucket to use.
          • Type: String
        • pathStyleAccessEnabled (optional)
          Enabled/Disable Path-style Access for AWS S3.
          • Type: boolean
        • payloadSigningEnabled (optional)
          Enabled/Disable Payload Signing for AWS S3.
          • Type: boolean
        • acl (optional)

          Canned ACL to add to the upload request.

          • Private : Specifies the owner is granted Full Control. No one else has access rights. This is the default access control policy for any new buckets or objects.
          • PublicRead : Specifies the owner is granted Full Control and to the All Users group grantee is granted Read access.
          • PublicReadWrite: Specifies the owner is granted Full Control and to the All Users group grantee is granted Read and Write access.
          • AuthenticatedRead: Specifies the owner is granted Full Control and to the Authenticated Users group grantee is granted Read access.
          • LogDeliveryWrite: Specifies the owner is granted Full Control and to the Log Delivery group grantee is granted Write access.
          • BucketOwnerRead: Specifies the owner of the bucket, but not necessarily the same as the owner of the object, is granted Read access.
          • BucketOwnerFullControl: Specifies the owner of the bucket, but not necessarily the same as the owner of the object, is granted Full Control.
          • AwsExecRead: Specifies the owner is granted Full Control and Amazon EC2 is granted {@link Permission#Read} access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.

          • Values: Private, PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead, BucketOwnerFullControl, AwsExecRead
        • cacheControl (optional)
          • Type: String
        • contentEncoding (optional)
          • Type: String
        • contentType (optional)
          • Type: String
        • excludePathPattern (optional)
          This is the pattern to use to exclude files Sample : "*.svg"
          • Type: String
        • file (optional)
          This is the local file to upload from the workspace.
          • Type: String
        • includePathPattern (optional)
          This is the pattern to use to find files to push to S3 Sample : "dist/**"
          • Type: String
        • kmsId (optional)
          • Type: String
        • metadatas (optional)
          Metadatas to add to push file. Multiple metadatas must be separated with a ';' and name and value separated by a ':'. Sample : "Content-Type:image/svg+xml;Another:AnotherValue"
            Array/List
          • Type: String
        • path (optional)
          This is the path inside the bucket to use. Do not begin with a leading "/".
          • Type: String
        • sseAlgorithm (optional)
          Server Side Encryption Algorithm to add to push file. Sample : "AES256"
          • Type: String
        • workingDir (optional)
          Working directories for s3Upload plugin Sample : "dist"
          • Type: String

        setAccountAlias: Set the AWS account alias

        The setAccountAlias step set the given name as AWS account alias.

        • name
          Name to use as account alias.
          • Type: String

        snsPublish: Publish notification to SNS

        • topicArn
          • Type: String
        • subject
          • Type: String
        • message
          • Type: String
        • messageAttributes (optional)
            java.lang.String>

        updateIdP: Update thirdparty Identity Provider

        • name
          • Type: String
        • metadata
          • Type: String

        updateTrustPolicy: Update trust policy of IAM roles

        • roleName
          • Type: String
        • policyFile
          • Type: String

        withAWS: set AWS settings for nested block

        The withAWS step provides authorization for the nested steps. You can provide region and profile information or let Jenkins assume a role in another or the same AWS account. You can mix all parameters in one withAWS block.

        • credentials (optional)
          Use standard Jenkins UsernamePassword credentials. Note: the username should be your Access Key ID, and the password should be the Secret Access Key.
          • Type: String
        • duration (optional)
          • Type: int
        • endpointUrl (optional)
          The AWS endpoint-url.
          • Type: String
        • externalId (optional)
          (optional) The external ID.
          • Type: String
        • federatedUserId (optional)
          (optional) The federated user ID. It generates a set of temporary credentials and allows you to push a federated user id into cloud trail for auditing.
          • Type: String
        • iamMfaToken (optional)
          • Type: String
        • policy (optional)
          (optional) An additional policy that is to be combined with the policy associated with the role.
          • Type: String
        • principalArn (optional)
          Account principal ARN Note: Only use when pass a samlAssertion parameter
          • Type: String
        • profile (optional)
          Use this profile information from ~/.aws/config.
          • Type: String
        • region (optional)
          The AWS region.
          • Type: String
        • role (optional)
          Assume role information ( Role Account is optional; it uses current account as default, External ID is optional).
          • Type: String
        • roleAccount (optional)
          (optional) The account to use. This uses current account by default.
          • Type: String
        • roleSessionName (optional)
          • Type: String
        • samlAssertion (optional)
          SAML assertion, given by your IdP. Must be used with role, roleAccount and principalArn parameters Note: Will use this SAML assertion to make a assumeRole request to AWS for authentication. Any credentials passed will be ignored.
          • Type: String

        Was this page helpful?

        Please submit your feedback about this page through this quick form.

        Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

            


        See existing feedback here.