- unmigrated-wiki-markup
Documentation for Identity Federation for AWS 2.1 – other releases are available in the Identity Federation for AWS Documentation Directory.
View
or visit the current documentation home.
Developer's Guide
Identity Federation for AWS is a foundational Amazon Web Services (AWS) integration add-on, which exposes resources via a REST API - this is the developer's guide to the Identity Federation for AWS REST API for developers who want to:
- integrate Atlassian products with AWS based DevOps scenarios
- develop add-ons that enhance an Atlassian product's functionality by means of integrating AWS backed services
API Compatibility
Identity Federation for AWS strives to support the two latest API versions to provide an upgrade path:
API Limitations
Usage of the REST API requires an active user session, which isn't available during execution of tasks in Bamboo or scheduled tasks in JIRA for example.
- AWS credentials for such 'system scope' scenarios can be retrieved via the as of yet unpublished Java API (facilitated by Tasks for AWS for example) - please don't hesitate to get in touch, if you are in need for system scoped identity federation with AWS, we are eager to learn more about your use case.
On this page:
Getting started
The Identity Federation for AWS REST API is based on open standards, so you can use any web development language or command line tool capable of generating an HTTP request to access the API, e.g. the popular cURL (a CLI tool for transferring data with URL syntax) or the highly recommended HTTPie (a CLI, cURL-like tool for humans). All resources can be used like the regular JIRA REST API (or Stash REST API, see info below):
REST API Browser
The easiest way to explore and experiment with the Identity Federation for AWS API is by means of the Atlassian REST API Browser, simply select the Identity Federation for AWS resources.
Atlassian REST API Design Guidelines compliance
Structure of the REST URIs
The Identity Federation for AWS REST API provides access to resources (data entities) via URI paths. To use the REST API, your application will make an HTTP request and parse the response. The Identity Federation for AWS REST API uses JSON as its communication format, and the standard HTTP methods like GET, PUT, POST and DELETE. URIs for Identity Federation for AWS REST API resources are keyed by the add-on namespace and have the following structure:
http://host:port/context/rest/identity-federation-for-aws/2.0
REST API v2 resources (Identity Federation)
This is the reference of all resources relevant to this add-ons actual functionality as a token vendor for Identity Federation - refer to the REST API resources (complete reference) if you intent to include this add-on into administrative automation scenarios (e.g. for scripting).
Resource | URI template | methods | description | permissions | comments |
---|---|---|---|---|---|
Connectors | This is the main resource to interact with currently in order to retrieve temporary AWS security credentials. | ||||
GET | Get all AWS connectors. | Configurable | |||
/connectors/{id} | GET | Get an AWS connector identified by its id. | Configurable | . | |
/connectors/{id}/credentials | GET | Get the temporary AWS security credentials via a AWS connector identified by its id. | Configurable | This is the main resource to use for calling AWS services in turn. |
/rest/identity-federation-for-aws/2.0/connectors
Methods
GET
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors (200)
{ "values": [ { "id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3", "name": "Development Team A", "type": "FEDERATION_TOKEN" }, { "id": "1f2d5aee-839e-49ae-8a5b-e9ae27a2f2d8", "name": "Development Team B", "type": "SESSION_TOKEN" }, { "id": "997a2479-a27c-46fc-9397-9a6bff91b7dd", "name": "Operations Team", "type": "FEDERATION_TOKEN" "scope": "SYSTEM" } ], "size": 3 }
/rest/identity-federation-for-aws/2.0/connectors/{id}
Methods
GET
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1 (200)
{ "id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3", "name": "Development Team A", "type": "FEDERATION_TOKEN" }
/rest/identity-federation-for-aws/2.0/connectors/{id}/credentials
Methods
GET
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1/credentials (200)
{ "expiration": 1370423461000, "sessionToken": "AQoDYXdzEN7//////////wEa8AEmChyr2gLDNxQATlASOWNkI0ORBVCkbPuMdTPQxpQR7NrqxjBo+O13lg2KjKdsxoXfR3fzCG/L0g9k2YQOMWVZjQLkd6cS4F3NL3qa/dtheXaYmcCeUXwJoznMWsXvGV3OQyizKD7hHcQbrYDzJWr1hcoksx03NazuG1xx6uWn8uwcktsyMCwATlasC8tqw6ffozllgQr2eZK1lBPyXWQy7Jwx3EyXLP/rulAhEBE9mrAUzp0xq0Yiekc7I06dSAQT7fBsuHzWoNQ0O8zmX4S35AL+pP+kBzAJZ75qvviNZYmoqXCBcSEOmWLFnyAuCSUg5a+5jQU=", "accessKeyId": "ASIJATLAS2XBO2MQ77VQ", "secretAccessKey": "FeJioaEdLa0RJsVCSBYAtLaskADEzkq1VFriuJla" }
REST API v2 resources (complete reference)
This is the complete reference of all resources available. You usually won't interact with most of these outside of administrative automation scenarios (e.g. for scripting) - please see the REST API resources (Identity Federation) for this add-ons actual functionality first.
Resource | URI template | methods | description | permissions | comments |
---|---|---|---|---|---|
Accounts | You usually won't interact with accounts via the API currently, please see the Connectors resource instead! | ||||
/accounts | GET|POST | Get all accounts (IAM users). | Administrator | ||
/accounts/{id} | GET|DELETE|PUT | Get an account (IAM user) identified by its id. | Administrator | ||
Connectors | This is the main resource to interact with currently in order to retrieve temporary AWS security credentials. | ||||
/connectors | GET | Get all AWS connectors. | Configurable | You only need GET for the intended usage as a token vendor, but POST will be added in a subsequent release regardless. | |
/connectors/{id} | GET | Get an AWS connector identified by its id. | Configurable | You only need GET for the intended usage as a token vendor, but DELETE|PUT will be added in a subsequent release regardless. | |
/connectors/{id}/credentials | GET | Get the temporary AWS security credentials via an AWS connector identified by its id. | Configurable | This is the main resource to use for calling AWS services in turn. |