As an administrator, I want to facilitate the AssumeRoleWithSAML API so that I gain AWS access via SAML based enterprise identity solutions
Description
Environment
Figma for Jira
Activity

Shao Cai July 10, 2019 at 3:21 AM
I definitely would like to see this feature to be offered to Bamboo, so that we will be able to do the similar in Bamboo as we currently do in Jenkins. In Jenkins with customer plugin, we obtain temporary AWS credentials via SAML 2.0 federation through ADFS and STS. For Bamboo, we would prefer the out-of-box solution so that we don't have to revert the wheel. With this feature, Bamboo might will gain favor over Jenkins as CI tool for AWS applications. Please keep me updated of the status of this feature. Thanks Shao
Steffen Opel [Utoolity] May 30, 2017 at 2:52 PMEdited
I'm accepting this story on the grounds of its title and our desire to support SAML one way or another at some point in the future - however, this is not yet a commitment to implementing it in Identity Federation for AWS itself, or in any other add-on.
Please vote and ideally comment on this issue with your specific use case and requirements to help us shape and prioritize an approach to SAML support in our AWS add-on.
Details
Details
Assignee
Reporter
Labels
Participants

Given the increasing prevalence of enterprise identity management based on SAML, it would be ideal if Identity Federation for AWS could also directly support the AssumeRoleWithSAML API action to enable connectors based on custom SAML federation.
Status
We initially considered this to be out of scope, assuming anyone using SAML would rather use SSO with AWS directly then, and Atlassian didn't even support SAML until recently. This might have been shortsighted, insofar the main use case is retrieving AWS credentials for reuse in add-ons like Tasks for AWS - adding SAML support should be reassessed accordingly.
Please vote and ideally comment on this issue with your specific use case and requirements to help us shape and prioritize an approach to SAML support in our AWS add-on.
Tasks for AWS specific workaround
If there is an option to provide temporary AWS credentials via Bamboo variables (e.g. by means of a custom script or task), this can be used with inline AWS security credentials as of Tasks for AWS 2.14.1.
Please get in touch if you need help with such an integration scenario, we are eager to learn more about your specific scenario and would be happy to assist with implementing this workaround as an interim solution.