Documentation for Identity Federation for AWS 2.1 – other releases are available in the Identity Federation for AWS Documentation Directory.
_PrincipalTypesTable
Principal Type | Explanation | Learn more at AWS |
---|---|---|
Federated User | Yields temporary AWS security credentials for a federated user with the Atlassian user name and an optional IAM policy (if absent, AWS applies a default). To use the Federated User principal type, you need to Grant an IAM Group Permission to Create Temporary Credentials. The following example shows a policy that grants permission to access AWS STS: `{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "sts:GetFederationToken", "Resource": "*" }] }` Federated User does not allow access to IAM or STS APIs, for example when creating IAM resources via CloudFormation; use or Assume Role for these scenarios instead. | Permissions for GetFederationToken; Grant an IAM Group Permission to Create Temporary Credentials |
Assume Role | Yields temporary AWS security credentials for an assumed role with the Atlassian user name, an optional External ID, and an optional IAM policy (if absent, AWS applies a default). To use the Assume Role principal type, you need to Grant an IAM Group Permission to Create Temporary Credentials. The following example shows a policy that grants permission to access AWS STS: `{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::123123123123:role/UpdateAPP" }] }` | Grant an IAM Group Permission to Create Temporary Credentials |
Account (IAM User) | Yields temporary AWS security credentials for the selected IAM user (recommended) or the AWS account itself (discouraged). Account (IAM User) does not allow specifying IAM policies or distinguishing users; use Federated User or Assume Role for these scenarios instead. | |
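
The two IAM group policies in the table can be checked for over-broad STS grants before they are attached. The following is an added example, not code from Identity Federation for AWS: `audit_sts_policy` is a hypothetical helper, the `WEAK` policy is constructed for illustration, and `Resource: "*"` on `sts:GetFederationToken` is accepted because that is what the page's own policy uses.

```python
import json
from fnmatch import fnmatchcase

# STS actions granted by the two policies on this page, one per principal type.
NEEDED = {"sts:getfederationtoken", "sts:assumerole"}

# Policies as shown in the table above.
PAGE_FEDERATED = ('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                  '"Action": "sts:GetFederationToken", "Resource": "*"}]}')
PAGE_ASSUME_ROLE = ('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                    '"Action": "sts:AssumeRole", '
                    '"Resource": "arn:aws:iam::123123123123:role/UpdateAPP"}]}')
# Constructed counter-example: wildcard action on a wildcard resource.
WEAK = ('{"Version": "2012-10-17", "Statement": {"Effect": "Allow", '
        '"Action": ["sts:*"], "Resource": "*"}}')

def as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def audit_sts_policy(policy_json):
    """Return findings for Allow statements that grant STS more broadly than needed."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in (a.lower() for a in as_list(stmt.get("Action", []))):
            # Which of the needed calls does this (possibly wildcard) action cover?
            covered = {n for n in NEEDED if fnmatchcase(n, action)}
            if covered and action not in NEEDED:
                findings.append(f"statement {i}: wildcard action {action!r} "
                                "is broader than the single STS call needed")
            if "sts:assumerole" in covered and any("*" in r for r in resources):
                findings.append(f"statement {i}: sts:AssumeRole on a wildcard "
                                "resource; name the role ARN instead")
    return findings

if __name__ == "__main__":
    for name in ("PAGE_FEDERATED", "PAGE_ASSUME_ROLE", "WEAK"):
        print(name, audit_sts_policy(globals()[name]) or "ok")
```
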