{"id":2671,"date":"2020-02-27T17:46:34","date_gmt":"2020-02-27T16:46:34","guid":{"rendered":"https:\/\/geko2.factoryfy.com\/securing-jenkins-access-to-aws-part-i\/"},"modified":"2021-11-03T17:28:52","modified_gmt":"2021-11-03T16:28:52","slug":"securing-jenkins-access-to-aws-part-i","status":"publish","type":"post","link":"https:\/\/geko.cloud\/en\/securing-jenkins-access-to-aws-part-i\/","title":{"rendered":"Securing Jenkins access to AWS (part I)"},"content":{"rendered":"<p>Jenkins is an open source automation server used to accelerate the software delivery process and has become the<strong> <em>de facto<\/em> DevOps engine<\/strong>, specially for its scripted Jenkinsfile pipelines committed to source control. To accomplish its function, Jenkins needs to interface with some external systems, such as GitHub or, the reason for this article, AWS.<\/p>\n<p>One way to grant Jenkins access to AWS is to run it on an EC2 instance with an attached IAM role. This approach has some pros:<\/p>\n<ul>\n<li>It&#8217;s very easy to setup (you can even find it in the <a href=\"https:\/\/aws.amazon.com\/marketplace\/search\/results?searchTerms=jenkins\">AWS Marketplace<\/a>)<\/li>\n<li>No access keys are used, so no keys will ever be exposed<\/li>\n<\/ul>\n<p>But also some cons:<\/p>\n<ul>\n<li>Can&#8217;t run Jenkins out of AWS<\/li>\n<li>The attached IAM role must have all the permissions that all the jobs will ever need (how many Jenkins servers end up with <em>PowerUserAccess<\/em>?)<\/li>\n<li>All actions \/ events performed from Jenkins will have the same user name in CloudTrail, regardless of who executed the job<\/li>\n<\/ul>\n<p>If the cons beat the pros in your case, you can adopt <strong>another strategy<\/strong>.<\/p>\n<h2>Step 1: Create IAM users and roles<\/h2>\n<p>Create one IAM user for each Jenkins user that needs to run AWS-related jobs. The IAM user name should be easily guessed from Jenkins user name (if it can be the same, the better) and <strong>only<\/strong> have the following policy attached (more on this later):<\/p>\n<pre>{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n  {\r\n   \"Effect\": \"Allow\",\r\n   \"Action\": \"sts:AssumeRole\",\r\n   \"Resource\": \"*\"\r\n  }\r\n ]\r\n}<\/pre>\n<p>Create IAM roles (the number and permissions attached to them will depend on your needs: <em>admin, developer, sre, read-only<\/em>, &#8230;) and edit trust relationship in order to allow previously generated users to assume these roles.<\/p>\n<h2>Step 2: Generate Access keys<\/h2>\n<p>Create AWS access keys for each user and store them in the Jenkins server using the <a href=\"https:\/\/plugins.jenkins.io\/aws-credentials\/\">AWS Credentials<\/a> plugin. Make sure you set an ID to these credentials that can be easily guessed from the user name (as before, if it can be the same, the better).<\/p>\n<figure id=\"attachment_987\" aria-describedby=\"caption-attachment-987\" style=\"width: 708px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-987 \" src=\"https:\/\/geko2.factoryfy.com\/wp-content\/uploads\/aws_creds-2-300x64.png\" alt=\"\" width=\"708\" height=\"151\" \/><figcaption id=\"caption-attachment-987\" class=\"wp-caption-text\">Jenkins \u201cAdd Credentials\u201d screen<\/figcaption><\/figure>\n<p>From this point, we solved all cons stated above:<\/p>\n<ul>\n<li>Jenkins server can run anywhere<\/li>\n<li>Jenkins process will assume the role with only the necessary permissions to run the job<\/li>\n<li>CloudTrail will show the name of the user that run the job<\/li>\n<\/ul>\n<p>But, let&#8217;s face it, Jenkins is <strong>far from the most secure tool<\/strong> in the world. So:<\/p>\n<ul>\n<li>A successful attack could compromise our AWS credentials<\/li>\n<li>A legitimate user could escalate his privileges (using the credentials from an admin user)<\/li>\n<\/ul>\n<p>How can we solve this?<\/p>\n<h2>Step 3: MFA to the rescue<\/h2>\n<p>AWS STS provides two API operations that let users pass <strong>MFA<\/strong> information:\u00a0<em>GetSessionToken<\/em> and, what we need, <em>AssumeRole<\/em>.<\/p>\n<p>Assign a <strong>MFA<\/strong> device to each user and attach the following policy to each role (those created in step 1):<\/p>\n<pre>{\r\n \"Version\": \"2012-10-17\",\r\n \"Statement\": [\r\n  {\r\n   \"Sid\": \"ForceMFA\",\r\n   \"Effect\": \"Allow\",\r\n   \"Principal\": {\"AWS\": \"arn:aws:iam:::root\"},\r\n   \"Action\": \"sts:AssumeRole\",\r\n   \"Condition\": {\r\n    \"StringEquals\": { \"aws:username\": [  ] },\r\n    \"Bool\": { \"aws:MultiFactorAuthPresent\": true }\r\n   }\r\n  }\r\n ]\r\n}<\/pre>\n<p>This policy forces the use of <strong>MFA<\/strong> to assume the role. Thereby, as credentials can only be used to assume a role (do you remember the <strong>only<\/strong> policy attached to the users?), even if they are compromised, an attacker could do little without access to the <strong>MFA<\/strong> device.<\/p>\n<p>I&#8217;ll explain how to make use of this approach in a Jenkins pipeline in the <a href=\"https:\/\/geko.cloud\/es\/asegura-el-acceso-de-jenkins-a-aws-parte-ii\/\">next post<\/a>.<\/p>\n<p>\ud83d\udc49I hope you\u2019ve enjoyed this post and I encourage you to check our <a href=\"https:\/\/geko.cloud\/es\/blog\/\">blog<\/a> for other posts that you might find helpful, such as <a href=\"https:\/\/geko.cloud\/en\/what-is-the-cloud\/\">What is the cloud?<\/a><\/p>\n<p>Do not hesitate to <a href=\"https:\/\/geko.cloud\/es\/contacto\/\">contact us<\/a> if you would like us to help you on your projects.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Jenkins is an open source automation server used to accelerate the software delivery process and has become the de facto DevOps engine, specially for its scripted Jenkinsfile pipelines committed to source control. To accomplish its function, Jenkins needs to interface with some external systems, such as GitHub or, the reason for this article, AWS. One [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":2323,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[67],"tags":[72,83],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Securing Jenkins access to AWS (part I)<\/title>\n<meta name=\"description\" content=\"If Jenkins needs to interface with AWS, it can run on an EC2 instance with an attached IAM role, but sometimes that&#039;s not desired. Another approach is to generate AWS access keys and make access more secure with MFA.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Jenkins access to AWS (part I)\" \/>\n<meta property=\"og:description\" content=\"If Jenkins needs to interface with AWS, it can run on an EC2 instance with an attached IAM role, but sometimes that&#039;s not desired. Another approach is to generate AWS access keys and make access more secure with MFA.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/\" \/>\n<meta property=\"og:site_name\" content=\"Geko Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-27T16:46:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-03T16:28:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"David Pujadas\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@geko_cloud\" \/>\n<meta name=\"twitter:site\" content=\"@geko_cloud\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/\"},\"author\":{\"name\":\"David Pujadas\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/e6acdb23fdedb5aadaee9a561e8f5f9e\"},\"headline\":\"Securing Jenkins access to AWS (part I)\",\"datePublished\":\"2020-02-27T16:46:34+00:00\",\"dateModified\":\"2021-11-03T16:28:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/\"},\"wordCount\":565,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/geko.cloud\/es\/#organization\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png\",\"keywords\":[\"AWS\",\"Jenkins\"],\"articleSection\":[\"Labs\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/\",\"url\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/\",\"name\":\"Securing Jenkins access to AWS (part I)\",\"isPartOf\":{\"@id\":\"https:\/\/geko.cloud\/es\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png\",\"datePublished\":\"2020-02-27T16:46:34+00:00\",\"dateModified\":\"2021-11-03T16:28:52+00:00\",\"description\":\"If Jenkins needs to interface with AWS, it can run on an EC2 instance with an attached IAM role, but sometimes that's not desired. Another approach is to generate AWS access keys and make access more secure with MFA.\",\"breadcrumb\":{\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#primaryimage\",\"url\":\"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png\",\"contentUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png\",\"width\":800,\"height\":300,\"caption\":\"jenkins\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/geko.cloud\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing Jenkins access to AWS (part I)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/geko.cloud\/es\/#website\",\"url\":\"https:\/\/geko.cloud\/es\/\",\"name\":\"Geko Cloud\",\"description\":\"Servicios de consultor\u00eda cloud y devops\",\"publisher\":{\"@id\":\"https:\/\/geko.cloud\/es\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/geko.cloud\/es\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/geko.cloud\/es\/#organization\",\"name\":\"Geko Cloud\",\"url\":\"https:\/\/geko.cloud\/es\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png\",\"contentUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png\",\"width\":1650,\"height\":809,\"caption\":\"Geko Cloud\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/geko_cloud\",\"https:\/\/www.instagram.com\/gekocloud\/\",\"https:\/\/www.linkedin.com\/company\/gekocloud\",\"https:\/\/www.youtube.com\/channel\/UC5EFLCqUM7fEaXSa_0nWowQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/e6acdb23fdedb5aadaee9a561e8f5f9e\",\"name\":\"David Pujadas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4757311410445249aa2aafa6278d9855?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4757311410445249aa2aafa6278d9855?s=96&d=mm&r=g\",\"caption\":\"David Pujadas\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing Jenkins access to AWS (part I)","description":"If Jenkins needs to interface with AWS, it can run on an EC2 instance with an attached IAM role, but sometimes that's not desired. Another approach is to generate AWS access keys and make access more secure with MFA.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/","og_locale":"en_US","og_type":"article","og_title":"Securing Jenkins access to AWS (part I)","og_description":"If Jenkins needs to interface with AWS, it can run on an EC2 instance with an attached IAM role, but sometimes that's not desired. Another approach is to generate AWS access keys and make access more secure with MFA.","og_url":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/","og_site_name":"Geko Cloud","article_published_time":"2020-02-27T16:46:34+00:00","article_modified_time":"2021-11-03T16:28:52+00:00","og_image":[{"width":800,"height":300,"url":"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png","type":"image\/png"}],"author":"David Pujadas","twitter_card":"summary_large_image","twitter_creator":"@geko_cloud","twitter_site":"@geko_cloud","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#article","isPartOf":{"@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/"},"author":{"name":"David Pujadas","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/e6acdb23fdedb5aadaee9a561e8f5f9e"},"headline":"Securing Jenkins access to AWS (part I)","datePublished":"2020-02-27T16:46:34+00:00","dateModified":"2021-11-03T16:28:52+00:00","mainEntityOfPage":{"@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/"},"wordCount":565,"commentCount":0,"publisher":{"@id":"https:\/\/geko.cloud\/es\/#organization"},"image":{"@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#primaryimage"},"thumbnailUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png","keywords":["AWS","Jenkins"],"articleSection":["Labs"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/","url":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/","name":"Securing Jenkins access to AWS (part I)","isPartOf":{"@id":"https:\/\/geko.cloud\/es\/#website"},"primaryImageOfPage":{"@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#primaryimage"},"image":{"@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#primaryimage"},"thumbnailUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png","datePublished":"2020-02-27T16:46:34+00:00","dateModified":"2021-11-03T16:28:52+00:00","description":"If Jenkins needs to interface with AWS, it can run on an EC2 instance with an attached IAM role, but sometimes that's not desired. Another approach is to generate AWS access keys and make access more secure with MFA.","breadcrumb":{"@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#primaryimage","url":"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png","contentUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/jenkins-aws-mfa.png","width":800,"height":300,"caption":"jenkins"},{"@type":"BreadcrumbList","@id":"https:\/\/geko.cloud\/es\/asegurar-el-acceso-de-jenkins-a-aws-part-i\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/geko.cloud\/en\/"},{"@type":"ListItem","position":2,"name":"Securing Jenkins access to AWS (part I)"}]},{"@type":"WebSite","@id":"https:\/\/geko.cloud\/es\/#website","url":"https:\/\/geko.cloud\/es\/","name":"Geko Cloud","description":"Servicios de consultor\u00eda cloud y devops","publisher":{"@id":"https:\/\/geko.cloud\/es\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/geko.cloud\/es\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/geko.cloud\/es\/#organization","name":"Geko Cloud","url":"https:\/\/geko.cloud\/es\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/","url":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png","contentUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png","width":1650,"height":809,"caption":"Geko Cloud"},"image":{"@id":"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/geko_cloud","https:\/\/www.instagram.com\/gekocloud\/","https:\/\/www.linkedin.com\/company\/gekocloud","https:\/\/www.youtube.com\/channel\/UC5EFLCqUM7fEaXSa_0nWowQ"]},{"@type":"Person","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/e6acdb23fdedb5aadaee9a561e8f5f9e","name":"David Pujadas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4757311410445249aa2aafa6278d9855?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4757311410445249aa2aafa6278d9855?s=96&d=mm&r=g","caption":"David Pujadas"}}]}},"_links":{"self":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/2671"}],"collection":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/comments?post=2671"}],"version-history":[{"count":3,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/2671\/revisions"}],"predecessor-version":[{"id":5191,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/2671\/revisions\/5191"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/media\/2323"}],"wp:attachment":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/media?parent=2671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/categories?post=2671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/tags?post=2671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}