Principal Type | Explanation | Learn more at AWS |
---|---|---|
Federated User | Yields temporary AWS security credentials for a federated user with the Atlassian user name and an optional IAM Policy (if absent, AWS applies a default) In order to use the Federated User principal type, you need to Grant an IAM Group Permission to Create Temporary Credentials! The following example shows a policy that grants permission to access the AWS STS { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "sts:GetFederationToken", "Resource": "*" }] } Federated User does not allow to access IAM or STS APIs, for example when creating IAM resources via CloudFormation - use or Assume Role for these scenarios instead. | Permissions for GetFederationToken Grant an IAM Group Permission to Create Temporary Credentials |
Assume Role | Yields temporary AWS security credentials for an assumed role with the Atlassian user name and an optional External ID and an optional IAM Policy (if absent, AWS applies a default) In order to use the Assume Role principal type, you need to Grant an IAM Group Permission to Create Temporary Credentials! The following example shows a policy that grants permission to access the AWS STS { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::123123123123:role/UpdateAPP" }] } | Grant an IAM Group Permission to Create Temporary Credentials |
Account (IAM User) | Yields temporary AWS security credentials for the selected IAM user (recommended) or AWS account (disadvised) itself Account (IAM User) does not allow to specify IAM policies or distinguish users - use Federated User or Assume Role for these scenarios instead. |
General
Content
Integrations