[#375] Allow cross-account AWS IAM role assumption into opt-in regions #376

choopka · 2025-03-03T10:40:15Z

Added authRegion drop-down list-box & variable to allow explicitly stating the region for authenticating with AWS IAM. This will address Issue #375 by permitting authentication with a region that is opted-in in the source AWS account, while accessing ECS clusters in an opt-in region in the target account (which is not opted-in for the source account).

The solution was adding an authRegion list-box to choose the region used for IAM authentication, which is stored in an authRegion variable. This box works in exactly the same manner as the regionName variable box, but by separating them it is now possible to authenticate with AWS IAM in region A while using ECS clusters in region B.

Testing done by:

Adding authRegion to the fields in the automated test
Installing the plugin and running it on a local installation of LTS Jenkins Controller (see attached screenshot)

3. Successfully viewing and running ECS agents on ECS clusters in an opted-in region in the target account (which is not opted-in for the Jenkins Controller account), using IAM assume-role for access to the clusters.

Submitter checklist

Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
Ensure that the pull request title represents the desired changelog entry
Please describe what you did
Link to relevant issues in GitHub or Jira
Link to relevant pull requests, esp. upstream and downstream changes - none found
Ensure you have provided tests - that demonstrates feature works or fixes the issue

… opt-in regions Added authRegion drop-down list-box & variable to allow explicitly stating the region for authenticating with AWS IAM.