Comment: Renamed page, rephrased summary, and marked excerpt.

Excerpt
To provide temporary AWS security credentials for other add-ons via a REST API and Single Sign-On (SSO) to the AWS Management Console, you need to provide long-term AWS security credentials within Identity Federation for AWS.

Info

As of release 2.2, Identity Federation for AWS (Bamboo) also features an AWS Credentials Variables task to provide shared AWS Security Credentials for subsequent tasks without native integration with Identity Federation for AWS.


AWS Credentials Sources

You currently have the following options to provide AWS Security Credentials:

Identity Federation for AWS

Tip: Federated Amazon Web Services access

This is the recommended approach to share and manage AWS credentials:

  • It provides benefits like easy credentials sharing and reuse, fine-grained access control for AWS resources, strong encryption and more (see AWS Security Credentials Variations for details).

Refer to AWS Connector Management for details.

  • Note: this option requires at least one AWS Connector to be configured with System Scope to allow usage from Bamboo builds, where no user session is available
  • a connector yields a set of temporary credentials on task execution (optionally limiting the IAM permissions)
  • you can configure multiple connectors to provide credentials with different IAM permissions tailored for specific use cases

IAM Role for EC2 (Agent)

You can use IAM Roles for Amazon EC2 to optionally skip credentials configuration altogether: if an agent runs on an EC2 instance started with an instance profile (IAM role), the tasks can be configured to use those credentials. The underlying IAM role needs to have a sufficient policy attached to grant the required permissions for the task at hand.

This feature requires the Amazon EC2 instance running the agent to be started with an EC2 instance profile. There are three different scenarios:

  • local agents - requires the hosting Bamboo server itself to run on EC2
  • remote/elastic agents - requires the remote agent to run on EC2
  • elastic agents - requires the elastic agent to run on EC2 (warning: Elastic Bamboo only supports configuring elastic images with an instance profile as of Bamboo 5.6)
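
An added example (not part of the original page or of Identity Federation for AWS): a preflight check, run on the agent host, that the EC2 instance metadata service exposes instance profile credentials before a task is configured to rely on them. The function names and the injectable `fetch` parameter are assumptions made for this example.

```python
import json
import urllib.request
from datetime import datetime, timezone

IMDS = "http://169.254.169.254/latest"  # EC2 instance metadata service (link-local)
CREDS = "/meta-data/iam/security-credentials/"


def imds_fetch(path, method="GET", headers=None):
    """Real fetcher; only answers when run on an EC2 instance."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def check_instance_profile(fetch=imds_fetch, now=None):
    """Return (ok, detail). Secret values are never returned or printed."""
    now = now or datetime.now(timezone.utc)
    try:
        # IMDSv2: request a short-lived session token, then present it on each call.
        token = fetch("/api/token", "PUT", {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
        hdr = {"X-aws-ec2-metadata-token": token}
        roles = fetch(CREDS, "GET", hdr).split()
        if not roles:
            return False, "instance has no instance profile (no role listed)"
        doc = json.loads(fetch(CREDS + roles[0], "GET", hdr))
        expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
        expires = expires.replace(tzinfo=timezone.utc)
    except (OSError, ValueError, KeyError) as exc:
        # Not on EC2, no profile attached (HTTP 404), or an unexpected document.
        return False, f"no usable instance profile credentials: {exc!r}"
    if doc.get("Code") != "Success":
        return False, f"role {roles[0]}: credential status {doc.get('Code')!r}"
    if expires <= now:
        return False, f"role {roles[0]}: credentials expired at {doc['Expiration']}"
    minutes = int((expires - now).total_seconds() // 60)
    return True, f"role {roles[0]}: temporary credentials valid for {minutes} more min"


if __name__ == "__main__":
    ok, detail = check_instance_profile()
    print("OK  " if ok else "FAIL", detail)
```

The check confirms only that role credentials are available on the host; whether the role's policy grants the permissions a given task needs has to be verified separately.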


AWS China (Beijing) Region

AWS GovCloud (US) Region