Documentation for Tasks for AWS 2.8 – other releases are available in the Tasks for AWS Documentation Directory.
View

Unknown macro: {spacejump}

or visit the current documentation home.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

As of release 2.4, Tasks for AWS integrates with Identity Federation for AWS (Bamboo) to provide shared AWS Security Credentials management.

No Charge

Usage of Identity Federation for AWS (Bamboo) is free for Tasks for AWS licensees, see the Licensing & Purchasing FAQ for details.

 

On this page:

AWS Credentials Sources

This results in two option for providing AWS Security Credentials:

Identity Federation for AWS

Federated Amazon Web Services access

This is the recommended approach to share and manage AWS credentials:

  • It provides benefits like easy credentials sharing and reuse, fine grained access control for AWS resources, strong encryption and more (please refer to the Identity Federation for AWS Documentation for more information regarding the available features and implied advantages).

Please refer to the Identity Federation for AWS Administrator's Guide for details on how to configure the connectors.

  • (info) this option requires at least one AWS Connector to be configured with System Scope to allow usage from Bamboo builds, where no user session is available
  • a connector yields a set of temporary credentials on task execution (optionally limiting the IAM permissions)
  • you can configure multiple connectors to provide credentials with different IAM permissions tailored for specific use cases

Inline

No Real Encryption

This is not recommended, but easy to get started with:

  • The common pair of AWS security credentials (an AWS Access Key Id and an AWS Secret Key) is entered directly in each task and persisted after being processed with the Bamboo EncryptionService API.

Please note that the Bamboo EncryptionService API naming is misleading for the time being - as properly phrased in the method summary of com.atlassian.bamboo.security.EncryptionServiceImpl, the decrypt()/encrypt() methods just provide means to obfuscate sensitive data.

If you prefer this solution, you might still want to ease credentials reuse a bit via variable substitution as follows:

  • configure Access Key and Secret Key as e.g. ${bamboo.awsAccessKeyPassword} and ${bamboo.awsSecretKeyPassword}
  • define plan and/or global variables for the configured variable names (i.e. awsAccessKeyPassword and awsSecretKeyPassword given this example) with the actual credentials, which will then be substituted on task execution accordingly

 

 

AWS China (Beijing) Region

Unable to render {include} The included page could not be found.

  • No labels