Versions Compared

Old Version 1

changes.mady.by.user Steffen Opel [Utoolity]

Saved on

compared with

New Version 2

changes.mady.by.user Steffen Opel [Utoolity]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated to release 2.4.0.

The AWS Security Credentials need to be specified for each task currently, which can be cumbersome quickly. Pending a more generic solution, it is already possible to ease this As of release 2.4, Tasks for AWS integrates with Identity Federation for AWS (Bamboo) to provide shared AWS Security Credentials management.

Include Page
_IFAWSNoChargeNote
_IFAWSNoChargeNote

AWS Credentials Sources

This results in two option for providing AWS Security Credentials:

Inline

Note
titleNo Real Encryption

This is not recommended, but easy to get started with:

The common pair of AWS security credentials (an AWS Access Key Id and an AWS Secret Key) is entered directly in each task and persisted after being processed with the Bamboo Encryption API.

  • (warning) Please note that this naming is misleading for the time being - as properly phrased in the method details, these just provide means to obfuscate sensitive data. Real encryption is available by using the integration with Identity Federation for AWS (Bamboo) instead.

Image AddedIf you prefer this solution, you might still want to ease credentials reuse a bit via variable substitution as follows:

  • configure Access Key and Secret Key as e.g. ${bamboo.awsAccessKeyPassword} and ${bamboo.awsSecretKeyPassword}
  • define plan and/or global variables for the configured variable names (i.e. awsAccessKeyPassword and awsSecretKeyPassword given this example) with the actual credentials, which will then be substituted on task execution accordingly
 

Identity Federation for AWS

Tip
titleFederated Amazon Web Services access

This is the recommended approach to share and manage AWS credentials:

It provides all sorts of benefits like easy credentials sharing and reuse, fine grained access control for AWS resources, strong encryption and more. Please refer to the Identity Federation for AWS Documentation for details.

Image AddedPlease refer to the Identity Federation for AWS Administrator's Guide for details on how to configure the connectors.

  • (info) this option requires at least one System Scope AWS Connector to be configured within the Identity Federation for AWS add-on
  • a connector yields a set of temporary credentials on task execution (optionally limiting the IAM permissions)
  • you can configure multiple connectors to provide credentials with different IAM permissions tailored for specific use cases

Include Page
_CNRegionsNote
_CNRegionsNote