This is the Identity Federation for AWS REST API v2 reference, see the Developer's Guide for more information.
API Compatibility
Identity Federation for AWS strives to support the two latest API versions to provide an upgrade path:
API Limitations
Usage of the REST API requires an active user session, which isn't available during execution of tasks in Bamboo or scheduled tasks in JIRA for example.
- AWS credentials for such 'system scope' scenarios can be retrieved via the as of yet unpublished Java API (facilitated by Tasks for AWS for example) - please don't hesitate to get in touch, if you are in need for system scoped identity federation with AWS, we are eager to learn more about your use case.
On this page:
This is the reference of all resources relevant to this add-ons actual functionality as a token vendor for Identity Federation - refer to the REST API resources (complete reference) if you intent to include this add-on into administrative automation scenarios (e.g. for scripting). This is the complete reference of all resources available. You usually won't interact with most of these outside of administrative automation scenarios (e.g. for scripting) - please see the REST API resources (Identity Federation) for this add-ons actual functionality first. /connectorsREST API v2 resources (Identity Federation)
Resource URI template methods description permissions comments Connectors This is the main resource to interact with currently in order to retrieve temporary AWS security credentials. GET Get all AWS connectors. Configurable /connectors/{id} GET Get an AWS connector identified by its id. Configurable /connectors/{id}/credentials GET Get the temporary AWS security credentials via a AWS connector identified by its id. Configurable This is the main resource to use for calling AWS services in turn. /connectors/{id}/console/url GET Get the URL for SSO with the AWS Management Console via a AWS connector identified by its id. Configurable The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector). /rest/identity-federation-for-aws/2.0/connectors
Methods
GET
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors (200)
{
"values": [
{
"id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
"name": "Development Team A",
"type": "FEDERATION_TOKEN"
},
{
"id": "1f2d5aee-839e-49ae-8a5b-e9ae27a2f2d8",
"name": "Development Team B",
"type": "SESSION_TOKEN"
},
{
"id": "997a2479-a27c-46fc-9397-9a6bff91b7dd",
"name": "Operations Team",
"type": "FEDERATION_TOKEN"
"scope": "SYSTEM"
}
],
"size": 3
}
/rest/identity-federation-for-aws/2.0/connectors/{id}
Methods
GET
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3 (200)
{
"id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
"name": "Development Team A",
"type": "FEDERATION_TOKEN"
}
/rest/identity-federation-for-aws/2.0/connectors/{id}/credentials
Methods
GET
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/credentials (200)
{
"expiration": 1370423461000,
"sessionToken": "AQoDYXdzEN7//////////wEa8AEmChyr2gLDNxQATlASOWNkI0ORBVCkbPuMdTPQxpQR7NrqxjBo+O13lg2KjKdsxoXfR3fzCG/L0g9k2YQOMWVZjQLkd6cS4F3NL3qa/dtheXaYmcCeUXwJoznMWsXvGV3OQyizKD7hHcQbrYDzJWr1hcoksx03NazuG1xx6uWn8uwcktsyMCwATlasC8tqw6ffozllgQr2eZK1lBPyXWQy7Jwx3EyXLP/rulAhEBE9mrAUzp0xq0Yiekc7I06dSAQT7fBsuHzWoNQ0O8zmX4S35AL+pP+kBzAJZ75qvviNZYmoqXCBcSEOmWLFnyAuCSUg5a+5jQU=",
"accessKeyId": "ASIJATLAS2XBO2MQ77VQ",
"secretAccessKey": "FeJioaEdLa0RJsVCSBYAtLaskADEzkq1VFriuJla"
}
/rest/identity-federation-for-aws/2.0/connectors/{id}/console/url
Methods
GET
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/console/url(200)
{
"url":"http://host:port/context/plugins/servlet/identity-federation-for-aws/aws-console-login/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3"
}
REST API v2 resources (complete reference)
Resource URI template methods description permissions comments Accounts You usually won't interact with accounts via the API currently, please see the Connectors resource instead! /accounts GET|POST Get all accounts (IAM users). Administrator /accounts/{id} GET|DELETE|PUT Get an account (IAM user) identified by its id. Administrator Connectors This is the main resource to interact with currently in order to retrieve temporary AWS security credentials. GET Get all AWS connectors. Configurable You only need GET for the intended usage as a token vendor, but POST will be added in a subsequent release regardless. /connectors/{id} GET Get an AWS connector identified by its id. Configurable You only need GET for the intended usage as a token vendor, but DELETE|PUT will be added in a subsequent release regardless. /connectors/{id}/credentials GET Get the temporary AWS security credentials via an AWS connector identified by its id. Configurable This is the main resource to use for calling AWS services in turn. /connectors/{id}/console/url GET Get the URL for SSO with the AWS Management Console via a AWS connector identified by its id. Configurable The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector).