Getting started
The Identity Federation for AWS REST API is based on open standards, so you can use any web development language or command line tool capable of generating an HTTP request to access the API, e.g. the popular cURL (a CLI tool for transferring data with URL syntax) or the highly recommended HTTPie (a CLI, cURL-like tool for humans). All resources can be used like the regular Jira Server REST APIs (or Bitbucket Server REST API, see info below):
REST API Browser
The easiest way to explore and experiment with the Identity Federation for AWS API is by means of the Atlassian REST API Browser, simply select the Identity Federation for AWS resources.
Atlassian REST API Design Guidelines compliance
Structure of the REST URIs
The Identity Federation for AWS REST API provides access to resources (data entities) via URI paths. To use the REST API, your application will make an HTTP request and parse the response. The Identity Federation for AWS REST API uses JSON as its communication format, and the standard HTTP methods like GET, PUT, POST and DELETE. URIs for Identity Federation for AWS REST API resources are keyed by the app namespace and have the following structure:
http://host:port/context/rest/identity-federation-for-aws/2.1
This is the reference of all resources relevant to this apps actual functionality as a token vendor for Identity Federation - refer to the REST API resources (complete reference) if you intent to include this app into administrative automation scenarios (e.g. for scripting). Resource URI template methods description permissions comments Connectors This is the main resource for retrieving temporary AWS security credentials. GET|POST Get all AWS connectors. Configurable GET is the only required method for the token vendor use case, but POST is available for administration purposes. GET|PUT|DELETE Get an AWS connector identified by its id. Configurable GET is the only required method for the token vendor use case, but DELETE|PUT is available for administration purposes. GET Get details about the IAM identity whose credentials are used to call the API. Configurable GET Get temporary AWS security credentials via a AWS connector identified by its id. Configurable This is the main resource to use for calling AWS services in turn. GET Get the URL for SSO with the AWS Management Console via a AWS connector identified by its id. Configurable The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector). GET Get temporary Amazon ECR authentication credentials via a AWS connector identified by its id. Configurable Refer to Amazon EC2 Container Registry (Amazon ECR) authentication credentials for details. In addition to the native AWS API response data, the response also provides the properties This is the complete reference of all resources available. You usually won't interact with most of these outside of administrative automation scenarios (e.g. for scripting) - please see the REST API resources (Identity Federation) for this apps actual functionality first. Resource URI template methods status description permissions comments Accounts You usually only interact with accounts (access keys) for administrative purposes, please see the Connectors resource instead! /accounts GET|POST PUBLIC Get all accounts (AWS access keys). Administrator /accounts/{id} GET|DELETE|PUT PUBLIC Get an account (AWS access keys) identified by its id. Administrator Connectors This is the main resource for retrieving temporary AWS security credentials. /connectors GET|POST PUBLIC Get all AWS connectors. Configurable GET is the only required method for the token vendor use case, but POST is available for administration purposes. /connectors/{id} GET|DELETE|PUT PUBLIC Get an AWS connector identified by its id. Configurable GET is the only required method for the token vendor use case, but DELETE|PUT is available for administration purposes. /connectors/{id}/caller-identity GET PUBLIC Get details about the IAM identity whose credentials are used to call the API. Configurable /connectors/{id}/credentials GET PUBLIC Get the temporary AWS security credentials via an AWS connector identified by its id. Configurable This is the main resource to use for calling AWS services in turn. /connectors/{id}/console/url GET PUBLIC Get the URL for SSO with the AWS Management Console via a AWS connector identified by its id. Configurable The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector). /connectors/{id}/ecr/credentials GET PUBLIC Get temporary Amazon ECR authentication credentials via a AWS connector identified by its id. Configurable Refer to Amazon EC2 Container Registry (Amazon ECR) authentication credentials for details. In addition to the native AWS API response data, the response also provides the properties REST API v2.1 resources (Identity Federation)
proxyEndpointDomain
, username
and password
for convenient usage with the Bamboo Docker task./rest/identity-federation-for-aws/2.1/connectors
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 1384x1779x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:04:32 GMT
Response Body
{
"values": [
{
"id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
"name": "Development Team A",
"type": "FEDERATION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
},
{
"id": "1f2d5aee-839e-49ae-8a5b-e9ae27a2f2d8",
"name": "Development Team B",
"type": "SESSION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
},
{
"id": "997a2479-a27c-46fc-9397-9a6bff91b7dd",
"name": "Operations Team",
"type": "ASSUME_ROLE"
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "arn:aws:iam::123456789012:role/S3Access",
"externalId": "",
"iamPolicy": "",
"groups": []
}
],
"size": 3
}
/rest/identity-federation-for-aws/2.1/connectors/{id}
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3 (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 1390x1780x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:10:08 GMT
Response Body
{
"id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
"name": "Development Team A",
"type": "FEDERATION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
}
/rest/identity-federation-for-aws/2.1/connectors/{id}/caller-identity
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/caller-identity (200)
Response Headers
Server: Apache-Coyote/1.1
X-Seraph-LoginReason: OK
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 22 Jul 2016 09:58:31 GMT
Response Body
{
"account": "248163264128",
"arn": "arn:aws:sts::248163264128:federated-user/admin",
"userId": "248163264128:admin"
}
/rest/identity-federation-for-aws/2.1/connectors/{id}/credentials
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/credentials (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 1390x1782x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:10:56 GMT
Response Body
{
"accessKeyId": "ASIJATLAS2XBO2MQ77VQ",
"secretAccessKey": "FeJioaEdLa0RJsVCSBYAtLaskADEzkq1VFriuJla",
"sessionToken": "AQoDYXdzEN7//////////wEa8AEmChyr2gLDNxQATlASOWNkI0ORBVCkbPuMdTPQxpQR7NrqxjBo+O13lg2KjKdsxoXfR3fzCG/L0g9k2YQOMWVZjQLkd6cS4F3NL3qa/dtheXaYmcCeUXwJoznMWsXvGV3OQyizKD7hHcQbrYDzJWr1hcoksx03NazuG1xx6uWn8uwcktsyMCwATlasC8tqw6ffozllgQr2eZK1lBPyXWQy7Jwx3EyXLP/rulAhEBE9mrAUzp0xq0Yiekc7I06dSAQT7fBsuHzWoNQ0O8zmX4S35AL+pP+kBzAJZ75qvviNZYmoqXCBcSEOmWLFnyAuCSUg5a+5jQU=",
"expiration": 1370423461000,
"partition": "aws"
}
/rest/identity-federation-for-aws/2.1/connectors/{id}/console/url
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/console/url (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 764x100x1
X-asessionid: 1ycp90k
X-Seraph-LoginReason: OK
X-ausername: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 24 Aug 2015 10:44:11 GMT
Response Body
{
"url":"http://host:port/context/plugins/servlet/identity-federation-for-aws/aws-console-login/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3"
}
/rest/identity-federation-for-aws/2.1/connectors/{id}/ecr/credentials?region={region}
Methods
GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/ecr/credentials?region=us-east-1 (200)
Response Headers
Server: Apache-Coyote/1.1
X-AREQUESTID: 764x100x1
X-asessionid: 1ycp90k
X-Seraph-LoginReason: OK
X-ausername: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 16 Feb 2016 16:55:39 GMT
Response Body
{
"values": [
{
"authorizationToken": "QVdTOkNpQndtMFlhSVNKZVJ0Sm01bjFHNnVxZWVrWHVvWFhQATlASmNlOVJxOC8xNHhLU0J3RUJBZ0I0Y0p0R0dpRWlYa2JTWnVaOVJ1cnFubnBGN3FGMXozdVZCWEh2VWF2UDllTUFBQU5wTUlJRFpRWUpLb1pJaHZjTkFRY0dvSUlEVmpDQ0ExSUNBUUF3Z2dOTEJna3Foa2lHOXcwQkJ3RXdIZ1lKWUlaSUFXVURCQUV1TUJFRURLOG43TkNtekd0TU9oZzBEUUlCRUlDQ0F4eEMrK2s3MmF2UlZ2cGZVcGl3bU5vSEYxWXZORHdqZnZoUkc5K1VPL3d2NzNCUUlVVVduRS91bmxHREtrdElzNXFuR2FKNUFldTJET3drSVo4b01pb2hjazhrc2JDRkEraVhZMkkxcmNjaDdmV1hEbVNnYm15ZloyY010UmwrOUdDWk15bVhJelpFd3BhOXI5QUN1NVVzTVhYcHhKTFFVWEZOVVgrdWIwSThFMjFDN1BwRWRWQkl2blFUVVE1ZGttalFqVTlEREUzMStLT2w1eC80Y2pMeWZobU10bzBSc1FsOGVQTTlUYkVJcFZKT2NIelk4K05rakpwZkRUY3ZrUUJYZDRCWlFMMmtZUzhCUC9VeTF0bCs2cVY3MGhrSkpnbTBVQnJBWnhNM0FJc09SZ0Q3TUJ5WXUzZklTemlYV1FHL2s1cG1VTzV5bVlYeTJwenJxTnhnMXNFZk5rUDdGTVZLZklOenlaNUVJZjdNc3JKeDlxTlNOelpYNStVNmNJM052T2pHYkhJSjZxM0YxdWQ0aFNENXcyRUQ2bDZiVWtVS0FvR2cxSmMxaW1UUnBKTWVXWlozSjc0ZU1DL0FwZExzNzZZclNScExVYXVwNHZJQjRkRmptZ2Q1bFNMS2p0NEF5Rjd0S2ZYOG82anJSS2dyRkc5dEExZXl6dW1DdXo0MHZTQkRLQW1WNTlwK2dzYmh1aFVzcWlETWdaUHdBNis0WHNJbno1WE9xM01QaFI4cncxckhPYmxhaUtJbG14RnZFSTQ2R213TTFoSWJnc3RqNXE3cW4vcUpPOTQra1NZY0xoMFVNZWdIZmUxd2dvdjhzaDRBa0VDVG0ydkFaM2dsQmtoU3RDYTlUTGxJZGJZNHl5RVBkaGNsS3g4SDV0MGdPMXZRN3dWNjdrZG54U3JSM1pCTDdtL3VPNmdPS05zc0p4NjlyN1E0Z2k2cjhMU0RHTVEvekV4bGQzcEJxcjNoV1F3RWdEeVBBclg3Yk5wblFLQlVFV2tneW1wcUpOWkpPRUhQR0I5Rm1obDN5ZVYwS0ZWTlVBdzJWTE95ekJrU1JMVFd3OWl6VlF1eVlpSE8zcHFyMlRjczdBVVJIb2FvcFBwWGRlOTJDeFB5ZllranBEazFlMjRVVWxuUW5tY1g0cGcyUWh1VHJoWVdOc2h0MVNWU0NnanJkamhEdURwUDh6UmtzTFJFaWErUE1YZlhnRFFPOUNLK1B4cEJOZE5aQzR0ZHhpMzYrVElkVjNnQjlIcHU4YmxWTllONjgzdEpuN3c0SXRSSUhzY0NGWnRiTnY4UTdBL0dadEN4UGt3YVFkTkREZSt2RG1ia25yVGtmUEJhYzhzclNhTEJMRGJOcGZmajc4QUx0c0lISStuT1VxRDV1VGI3OTljV2dnNytyMDFw",
"expirationDate": "20160217T045542Z",
"proxyEndpoint": "https://124816326400.dkr.ecr.us-east-1.amazonaws.com",
"proxyEndpointDomain": "124816326400.dkr.ecr.us-east-1.amazonaws.com",
"username": "AWS",
"password": "CiBwm0YaISJeRtJm5n1G6uqeekXuoXXPe5UFce9Rq8/ATlASBwEBAgB4cJtGGiEiXkbSZuZ9RurqnnpF7qF1z3uVBXHvUavP9eMAAANpMIIDZQYJKoZIhvcNAQcGoIIDVjCCA1ICAQAwggNLBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDK8n7NCmzGtMOhg0DQIBEICCAxxC++k72avRVvpfUpiwmNoHF1YvNDwjfvhRG9+UO/wv73BQIUUWnE/unlGDKktIs5qnGaJ5Aeu2DOwkIZ8oMiohck8ksbCFA+iXY2I1rcch7fWXDmSgbmyfZ2cMtRl+9GCZMymXIzZEwpa9r9ACu5UsMXXpxJLQUXFNUX+ub0I8E21C7PpEdVBIvnQTUQ5dkmjQjU9DDE31+KOl5x/4cjLyfhmMto0RsQl8ePM9TbEIpVJOcHzY8+NkjJpfDTcvkQBXd4BZQL2kYS8BP/Uy1tl+6qV70hkJJgm0UBrAZxM3AIsORgD7MByYu3fISziXWQG/k5pmUO5ymYXy2pzrqNxg1sEfNkP7FMVKfINzyZ5EIf7MsrJx9qNSNzZX5+U6cI3NvOjGbHIJ6q3F1ud4hSD5w2ED6l6bUkUKAoGg1Jc1imTRpJMeWZZ3J74eMC/ApdLs76YrSRpLUaup4vIB4dFjmgd5lSLKjt4AyF7tKfX8o6jrRKgrFG9tA1eyzumCuz40vSBDKAmV59p+gsbhuhUsqiDMgZPwA6+4XsInz5XOq3MPhR8rw1rHOblaiKIlmxFvEI46GmwM1hIbgstj5q7qn/qJO94+kSYcLh0UMegHfe1wgov8sh4AkECTm2vAZ3glBkhStCa9TLlIdbY4yyEPdhclKx8H5t0gO1vQ7wV67kdnxSrR3ZBL7m/uO6gOKNssJx69r7Q4gi6r8LSDGMQ/zExld3pBqr3hWQwEgDyPArX7bNpnQKBUEWkgympqJNZJOEHPGB9Fmhl3yeV0KFVNUAw2VLOyzBkSRLTWw9izVQuyYiHO3pqr2Tcs7AURHoaopPpXde92CxPyfYkjpDk1e24UUlnQnmcX4pg2QhuTrhYWNsht1SVSCgjrdjhDuDpP8zRksLREia+PMXfXgDQO9CK+PxpBNdNZC4tdxi36+TIdV3gB9Hpu8blVNYN683tJn7w4ItRIHscCFZtbNv8Q7A/GZtCxPkwaQdNDDe+vDmbknrTkfPBac8srSaLBLDbNpffj78ALtsIHI+nOUqD5uTb799cWgg7+r01p"
}
],
"size": 1
}
REST API v2.1 resources (complete reference)
proxyEndpointDomain
, username
and password
for convenient usage with the Bamboo Docker task.
Frequently Asked Questions (FAQ)
Atlassian account required