API Compatibility
Identity Federation for AWS strives to support the two latest major API versions to provide an upgrade path:
- current (v2.1) – available as of Identity Federation for AWS 2.10
- current (v2.0) – available as of Identity Federation for AWS 2.0
- deprecated (v1.0)
API Limitations
Usage of the REST API requires an active user session, which isn't available during execution of tasks in Bamboo or scheduled tasks in Jira for example.
- AWS credentials for such 'system scope' scenarios can be retrieved via the as of yet unpublished Java API (facilitated by Tasks for AWS for example) - please don't hesitate to get in touch, if you are in need for system scoped identity federation with AWS, we are eager to learn more about your use case.
This is the reference of all resources relevant to this apps actual functionality as a token vendor for Identity Federation - refer to the REST API resources (complete reference) if you intent to include this app into administrative automation scenarios (e.g. for scripting). Resource URI template methods description permissions comments Connectors This is the main resource for retrieving temporary AWS security credentials. GET|POST Get all AWS connectors. Configurable GET is the only required method for the token vendor use case, but POST is available for administration purposes. GET|PUT|DELETE Get an AWS connector identified by its id. Configurable GET is the only required method for the token vendor use case, but DELETE|PUT is available for administration purposes. GET Get details about the IAM identity whose credentials are used to call the API. Configurable GET Get temporary AWS security credentials via a AWS connector identified by its id. Configurable This is the main resource to use for calling AWS services in turn. GET Get the URL for SSO with the AWS Management Console via a AWS connector identified by its id. Configurable The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector). GET Get temporary Amazon ECR authentication credentials via a AWS connector identified by its id. Configurable Refer to Amazon EC2 Container Registry (Amazon ECR) authentication credentials for details. In addition to the native AWS API response data, the response also provides the properties This is the complete reference of all resources available. You usually won't interact with most of these outside of administrative automation scenarios (e.g. for scripting) - please see the REST API resources (Identity Federation) for this apps actual functionality first. Resource URI template methods status description permissions comments Accounts You usually only interact with accounts (access keys) for administrative purposes, please see the Connectors resource instead! /accounts GET|POST PUBLIC Get all accounts (AWS access keys). Administrator /accounts/{id} GET|DELETE|PUT PUBLIC Get an account (AWS access keys) identified by its id. Administrator Connectors This is the main resource for retrieving temporary AWS security credentials. /connectors GET|POST PUBLIC Get all AWS connectors. Configurable GET is the only required method for the token vendor use case, but POST is available for administration purposes. /connectors/{id} GET|DELETE|PUT PUBLIC Get an AWS connector identified by its id. Configurable GET is the only required method for the token vendor use case, but DELETE|PUT is available for administration purposes. /connectors/{id}/caller-identity GET PUBLIC Get details about the IAM identity whose credentials are used to call the API. Configurable /connectors/{id}/credentials GET PUBLIC Get the temporary AWS security credentials via an AWS connector identified by its id. Configurable This is the main resource to use for calling AWS services in turn. /connectors/{id}/console/url GET PUBLIC Get the URL for SSO with the AWS Management Console via a AWS connector identified by its id. Configurable The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector). /connectors/{id}/ecr/credentials GET PUBLIC Get temporary Amazon ECR authentication credentials via a AWS connector identified by its id. Configurable Refer to Amazon EC2 Container Registry (Amazon ECR) authentication credentials for details. In addition to the native AWS API response data, the response also provides the properties REST API v2.1 resources (Identity Federation)
proxyEndpointDomain
, username
and password
for convenient usage with the Bamboo Docker task./rest/identity-federation-for-aws/2.1/connectors
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 1384x1779x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:04:32 GMT
Response Body
{
"values": [
{
"id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
"name": "Development Team A",
"type": "FEDERATION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
},
{
"id": "1f2d5aee-839e-49ae-8a5b-e9ae27a2f2d8",
"name": "Development Team B",
"type": "SESSION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
},
{
"id": "997a2479-a27c-46fc-9397-9a6bff91b7dd",
"name": "Operations Team",
"type": "ASSUME_ROLE"
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "arn:aws:iam::123456789012:role/S3Access",
"externalId": "",
"iamPolicy": "",
"groups": []
}
],
"size": 3
}
/rest/identity-federation-for-aws/2.1/connectors/{id}
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3 (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 1390x1780x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:10:08 GMT
Response Body
{
"id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
"name": "Development Team A",
"type": "FEDERATION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
}
/rest/identity-federation-for-aws/2.1/connectors/{id}/caller-identity
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/caller-identity (200)
Response Headers
Server: Apache-Coyote/1.1
X-Seraph-LoginReason: OK
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 22 Jul 2016 09:58:31 GMT
Response Body
{
"account": "248163264128",
"arn": "arn:aws:sts::248163264128:federated-user/admin",
"userId": "248163264128:admin"
}
/rest/identity-federation-for-aws/2.1/connectors/{id}/credentials
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/credentials (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 1390x1782x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:10:56 GMT
Response Body
{
"accessKeyId": "ASIJATLAS2XBO2MQ77VQ",
"secretAccessKey": "FeJioaEdLa0RJsVCSBYAtLaskADEzkq1VFriuJla",
"sessionToken": "AQoDYXdzEN7//////////wEa8AEmChyr2gLDNxQATlASOWNkI0ORBVCkbPuMdTPQxpQR7NrqxjBo+O13lg2KjKdsxoXfR3fzCG/L0g9k2YQOMWVZjQLkd6cS4F3NL3qa/dtheXaYmcCeUXwJoznMWsXvGV3OQyizKD7hHcQbrYDzJWr1hcoksx03NazuG1xx6uWn8uwcktsyMCwATlasC8tqw6ffozllgQr2eZK1lBPyXWQy7Jwx3EyXLP/rulAhEBE9mrAUzp0xq0Yiekc7I06dSAQT7fBsuHzWoNQ0O8zmX4S35AL+pP+kBzAJZ75qvviNZYmoqXCBcSEOmWLFnyAuCSUg5a+5jQU=",
"expiration": 1370423461000,
"partition": "aws"
}
/rest/identity-federation-for-aws/2.1/connectors/{id}/console/url
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/console/url (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 764x100x1
X-asessionid: 1ycp90k
X-Seraph-LoginReason: OK
X-ausername: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 24 Aug 2015 10:44:11 GMT
Response Body
{
"url":"http://host:port/context/plugins/servlet/identity-federation-for-aws/aws-console-login/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3"
}
/rest/identity-federation-for-aws/2.1/connectors/{id}/ecr/credentials?region={region}
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/ecr/credentials?region=us-east-1 (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 764x100x1
X-asessionid: 1ycp90k
X-Seraph-LoginReason: OK
X-ausername: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 16 Feb 2016 16:55:39 GMT
Response Body
{
"values": [
{
"authorizationToken": "QVdTOkNpQndtMFlhSVNKZVJ0Sm01bjFHNnVxZWVrWHVvWFhQATlASmNlOVJxOC8xNHhLU0J3RUJBZ0I0Y0p0R0dpRWlYa2JTWnVaOVJ1cnFubnBGN3FGMXozdVZCWEh2VWF2UDllTUFBQU5wTUlJRFpRWUpLb1pJaHZjTkFRY0dvSUlEVmpDQ0ExSUNBUUF3Z2dOTEJna3Foa2lHOXcwQkJ3RXdIZ1lKWUlaSUFXVURCQUV1TUJFRURLOG43TkNtekd0TU9oZzBEUUlCRUlDQ0F4eEMrK2s3MmF2UlZ2cGZVcGl3bU5vSEYxWXZORHdqZnZoUkc5K1VPL3d2NzNCUUlVVVduRS91bmxHREtrdElzNXFuR2FKNUFldTJET3drSVo4b01pb2hjazhrc2JDRkEraVhZMkkxcmNjaDdmV1hEbVNnYm15ZloyY010UmwrOUdDWk15bVhJelpFd3BhOXI5QUN1NVVzTVhYcHhKTFFVWEZOVVgrdWIwSThFMjFDN1BwRWRWQkl2blFUVVE1ZGttalFqVTlEREUzMStLT2w1eC80Y2pMeWZobU10bzBSc1FsOGVQTTlUYkVJcFZKT2NIelk4K05rakpwZkRUY3ZrUUJYZDRCWlFMMmtZUzhCUC9VeTF0bCs2cVY3MGhrSkpnbTBVQnJBWnhNM0FJc09SZ0Q3TUJ5WXUzZklTemlYV1FHL2s1cG1VTzV5bVlYeTJwenJxTnhnMXNFZk5rUDdGTVZLZklOenlaNUVJZjdNc3JKeDlxTlNOelpYNStVNmNJM052T2pHYkhJSjZxM0YxdWQ0aFNENXcyRUQ2bDZiVWtVS0FvR2cxSmMxaW1UUnBKTWVXWlozSjc0ZU1DL0FwZExzNzZZclNScExVYXVwNHZJQjRkRmptZ2Q1bFNMS2p0NEF5Rjd0S2ZYOG82anJSS2dyRkc5dEExZXl6dW1DdXo0MHZTQkRLQW1WNTlwK2dzYmh1aFVzcWlETWdaUHdBNis0WHNJbno1WE9xM01QaFI4cncxckhPYmxhaUtJbG14RnZFSTQ2R213TTFoSWJnc3RqNXE3cW4vcUpPOTQra1NZY0xoMFVNZWdIZmUxd2dvdjhzaDRBa0VDVG0ydkFaM2dsQmtoU3RDYTlUTGxJZGJZNHl5RVBkaGNsS3g4SDV0MGdPMXZRN3dWNjdrZG54U3JSM1pCTDdtL3VPNmdPS05zc0p4NjlyN1E0Z2k2cjhMU0RHTVEvekV4bGQzcEJxcjNoV1F3RWdEeVBBclg3Yk5wblFLQlVFV2tneW1wcUpOWkpPRUhQR0I5Rm1obDN5ZVYwS0ZWTlVBdzJWTE95ekJrU1JMVFd3OWl6VlF1eVlpSE8zcHFyMlRjczdBVVJIb2FvcFBwWGRlOTJDeFB5ZllranBEazFlMjRVVWxuUW5tY1g0cGcyUWh1VHJoWVdOc2h0MVNWU0NnanJkamhEdURwUDh6UmtzTFJFaWErUE1YZlhnRFFPOUNLK1B4cEJOZE5aQzR0ZHhpMzYrVElkVjNnQjlIcHU4YmxWTllONjgzdEpuN3c0SXRSSUhzY0NGWnRiTnY4UTdBL0dadEN4UGt3YVFkTkREZSt2RG1ia25yVGtmUEJhYzhzclNhTEJMRGJOcGZmajc4QUx0c0lISStuT1VxRDV1VGI3OTljV2dnNytyMDFw",
"expirationDate": "20160217T045542Z",
"proxyEndpoint": "https://124816326400.dkr.ecr.us-east-1.amazonaws.com",
"proxyEndpointDomain": "124816326400.dkr.ecr.us-east-1.amazonaws.com",
"username": "AWS",
"password": "CiBwm0YaISJeRtJm5n1G6uqeekXuoXXPe5UFce9Rq8/ATlASBwEBAgB4cJtGGiEiXkbSZuZ9RurqnnpF7qF1z3uVBXHvUavP9eMAAANpMIIDZQYJKoZIhvcNAQcGoIIDVjCCA1ICAQAwggNLBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDK8n7NCmzGtMOhg0DQIBEICCAxxC++k72avRVvpfUpiwmNoHF1YvNDwjfvhRG9+UO/wv73BQIUUWnE/unlGDKktIs5qnGaJ5Aeu2DOwkIZ8oMiohck8ksbCFA+iXY2I1rcch7fWXDmSgbmyfZ2cMtRl+9GCZMymXIzZEwpa9r9ACu5UsMXXpxJLQUXFNUX+ub0I8E21C7PpEdVBIvnQTUQ5dkmjQjU9DDE31+KOl5x/4cjLyfhmMto0RsQl8ePM9TbEIpVJOcHzY8+NkjJpfDTcvkQBXd4BZQL2kYS8BP/Uy1tl+6qV70hkJJgm0UBrAZxM3AIsORgD7MByYu3fISziXWQG/k5pmUO5ymYXy2pzrqNxg1sEfNkP7FMVKfINzyZ5EIf7MsrJx9qNSNzZX5+U6cI3NvOjGbHIJ6q3F1ud4hSD5w2ED6l6bUkUKAoGg1Jc1imTRpJMeWZZ3J74eMC/ApdLs76YrSRpLUaup4vIB4dFjmgd5lSLKjt4AyF7tKfX8o6jrRKgrFG9tA1eyzumCuz40vSBDKAmV59p+gsbhuhUsqiDMgZPwA6+4XsInz5XOq3MPhR8rw1rHOblaiKIlmxFvEI46GmwM1hIbgstj5q7qn/qJO94+kSYcLh0UMegHfe1wgov8sh4AkECTm2vAZ3glBkhStCa9TLlIdbY4yyEPdhclKx8H5t0gO1vQ7wV67kdnxSrR3ZBL7m/uO6gOKNssJx69r7Q4gi6r8LSDGMQ/zExld3pBqr3hWQwEgDyPArX7bNpnQKBUEWkgympqJNZJOEHPGB9Fmhl3yeV0KFVNUAw2VLOyzBkSRLTWw9izVQuyYiHO3pqr2Tcs7AURHoaopPpXde92CxPyfYkjpDk1e24UUlnQnmcX4pg2QhuTrhYWNsht1SVSCgjrdjhDuDpP8zRksLREia+PMXfXgDQO9CK+PxpBNdNZC4tdxi36+TIdV3gB9Hpu8blVNYN683tJn7w4ItRIHscCFZtbNv8Q7A/GZtCxPkwaQdNDDe+vDmbknrTkfPBac8srSaLBLDbNpffj78ALtsIHI+nOUqD5uTb799cWgg7+r01p"
}
],
"size": 1
}
REST API v2.1 resources (complete reference)
proxyEndpointDomain
, username
and password
for convenient usage with the Bamboo Docker task.