The following macros are not currently supported in the header:
  • unmigrated-wiki-markup

Documentation for Identity Federation for AWS 2.6 – other releases are available in the Identity Federation for AWS Documentation Directory.
View

Unknown macro: {spacejump}

or visit the current documentation home.

REST API v2 Reference

Owned by Steffen Opel [Utoolity]
Last updated: 04.08.2016Version comment
4 min read

This is the Identity Federation for AWS REST API v2 reference, see the Developer's Guide for more information.

API Compatibility

Identity Federation for AWS strives to support the two latest API versions to provide an upgrade path:

API Limitations

Usage of the REST API requires an active user session, which isn't available during execution of tasks in Bamboo or scheduled tasks in JIRA for example.

  • AWS credentials for such 'system scope' scenarios can be retrieved via the as of yet unpublished Java API (facilitated by Tasks for AWS for example) - please don't hesitate to get in touch, if you are in need for system scoped identity federation with AWS, we are eager to learn more about your use case.

On this page:

REST API v2 resources (Identity Federation)

This is the reference of all resources relevant to this add-ons actual functionality as a token vendor for Identity Federation - refer to the REST API resources (complete reference) if you intent to include this add-on into administrative automation scenarios (e.g. for scripting).

ResourceURI templatemethodsdescriptionpermissionscomments
Connectors    (plus) This is the main resource to interact with currently in order to retrieve temporary AWS security credentials.
 

/connectors

GETGet all AWS connectors.Configurable 
 /connectors/{id}GETGet an AWS connector identified by its id.Configurable 
 /connectors/{id}/caller-identityGETGet details about the IAM identity whose credentials are used to call the API.Configurable 
 /connectors/{id}/credentialsGETGet temporary AWS security credentials via a AWS connector identified by its id.Configurable(lightbulb) This is the main resource to use for calling AWS services in turn.
 /connectors/{id}/console/urlGETGet the URL for SSO with the AWS Management Console via a AWS connector identified by its id.Configurable(info) The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector).
 /connectors/{id}/ecr/credentialsGETGet temporary Amazon ECR authentication credentials via a AWS connector identified by its id.Configurable

Refer to Amazon EC2 Container Registry (Amazon ECR) authentication credentials for details.

  • (lightbulb) In addition to the native AWS API response data, the response also provides the properties proxyEndpointDomain, username and password for convenient usage with the Bamboo Docker task.

/rest/identity-federation-for-aws/2.0/connectors

Methods

GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors (200)
Response Headers 
Server: Apache-Coyote/1.1
X-AREQUESTID: 1384x1779x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:04:32 GMT
Response Body
{
  "values": [
    {
      "id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
      "name": "Development Team A",
      "type": "FEDERATION_TOKEN"
    },
    {
      "id": "1f2d5aee-839e-49ae-8a5b-e9ae27a2f2d8",
      "name": "Development Team B",
      "type": "SESSION_TOKEN"
    },
    {
      "id": "997a2479-a27c-46fc-9397-9a6bff91b7dd",
      "name": "Operations Team",
      "type": "FEDERATION_TOKEN"
      "scope": "SYSTEM"
    }
  ],
  "size": 3
}

 

 

/rest/identity-federation-for-aws/2.0/connectors/{id}

Methods

GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3 (200)
Response Headers 
Server: Apache-Coyote/1.1
X-AREQUESTID: 1390x1780x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:10:08 GMT
Response Body
{
  "id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
  "name": "Development Team A",
  "type": "FEDERATION_TOKEN"
}

/rest/identity-federation-for-aws/2.0/connectors/{id}/caller-identity

Methods

GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/caller-identity (200)
Response Headers 
Server: Apache-Coyote/1.1
X-Seraph-LoginReason: OK
	Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 22 Jul 2016 09:58:31 GMT
Response Body
{
  "account": "248163264128",
  "arn": "arn:aws:sts::248163264128:federated-user/admin",
  "userId": "248163264128:admin"
}

/rest/identity-federation-for-aws/2.0/connectors/{id}/credentials

Methods

GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/credentials (200)
Response Headers 
Server: Apache-Coyote/1.1
X-AREQUESTID: 1390x1782x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:10:56 GMT
Response Body
{
  "expiration": 1370423461000,
  "sessionToken": "AQoDYXdzEN7//////////wEa8AEmChyr2gLDNxQATlASOWNkI0ORBVCkbPuMdTPQxpQR7NrqxjBo+O13lg2KjKdsxoXfR3fzCG/L0g9k2YQOMWVZjQLkd6cS4F3NL3qa/dtheXaYmcCeUXwJoznMWsXvGV3OQyizKD7hHcQbrYDzJWr1hcoksx03NazuG1xx6uWn8uwcktsyMCwATlasC8tqw6ffozllgQr2eZK1lBPyXWQy7Jwx3EyXLP/rulAhEBE9mrAUzp0xq0Yiekc7I06dSAQT7fBsuHzWoNQ0O8zmX4S35AL+pP+kBzAJZ75qvviNZYmoqXCBcSEOmWLFnyAuCSUg5a+5jQU=",
  "accessKeyId": "ASIJATLAS2XBO2MQ77VQ",
  "secretAccessKey": "FeJioaEdLa0RJsVCSBYAtLaskADEzkq1VFriuJla"
}

/rest/identity-federation-for-aws/2.0/connectors/{id}/console/url

Methods

GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/console/url (200)
Response Headers 
Server: Apache-Coyote/1.1
X-AREQUESTID: 764x100x1
X-asessionid: 1ycp90k
X-Seraph-LoginReason: OK
X-ausername: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 24 Aug 2015 10:44:11 GMT
Response Body
{
  "url":"http://host:port/context/plugins/servlet/identity-federation-for-aws/aws-console-login/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3"
}

/rest/identity-federation-for-aws/2.0/connectors/{id}/ecr/credentials?region={region}

Methods

GET
Request
GET http://host:port/context/rest/identity-federation-for-aws/2.0/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/ecr/credentials?region=us-east-1 (200)
Response Headers 
Server: Apache-Coyote/1.1
X-AREQUESTID: 764x100x1
X-asessionid: 1ycp90k
X-Seraph-LoginReason: OK
X-ausername: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 16 Feb 2016 16:55:39 GMT
Response Body
{
  "values": [
    {
      "authorizationToken": "QVdTOkNpQndtMFlhSVNKZVJ0Sm01bjFHNnVxZWVrWHVvWFhQATlASmNlOVJxOC8xNHhLU0J3RUJBZ0I0Y0p0R0dpRWlYa2JTWnVaOVJ1cnFubnBGN3FGMXozdVZCWEh2VWF2UDllTUFBQU5wTUlJRFpRWUpLb1pJaHZjTkFRY0dvSUlEVmpDQ0ExSUNBUUF3Z2dOTEJna3Foa2lHOXcwQkJ3RXdIZ1lKWUlaSUFXVURCQUV1TUJFRURLOG43TkNtekd0TU9oZzBEUUlCRUlDQ0F4eEMrK2s3MmF2UlZ2cGZVcGl3bU5vSEYxWXZORHdqZnZoUkc5K1VPL3d2NzNCUUlVVVduRS91bmxHREtrdElzNXFuR2FKNUFldTJET3drSVo4b01pb2hjazhrc2JDRkEraVhZMkkxcmNjaDdmV1hEbVNnYm15ZloyY010UmwrOUdDWk15bVhJelpFd3BhOXI5QUN1NVVzTVhYcHhKTFFVWEZOVVgrdWIwSThFMjFDN1BwRWRWQkl2blFUVVE1ZGttalFqVTlEREUzMStLT2w1eC80Y2pMeWZobU10bzBSc1FsOGVQTTlUYkVJcFZKT2NIelk4K05rakpwZkRUY3ZrUUJYZDRCWlFMMmtZUzhCUC9VeTF0bCs2cVY3MGhrSkpnbTBVQnJBWnhNM0FJc09SZ0Q3TUJ5WXUzZklTemlYV1FHL2s1cG1VTzV5bVlYeTJwenJxTnhnMXNFZk5rUDdGTVZLZklOenlaNUVJZjdNc3JKeDlxTlNOelpYNStVNmNJM052T2pHYkhJSjZxM0YxdWQ0aFNENXcyRUQ2bDZiVWtVS0FvR2cxSmMxaW1UUnBKTWVXWlozSjc0ZU1DL0FwZExzNzZZclNScExVYXVwNHZJQjRkRmptZ2Q1bFNMS2p0NEF5Rjd0S2ZYOG82anJSS2dyRkc5dEExZXl6dW1DdXo0MHZTQkRLQW1WNTlwK2dzYmh1aFVzcWlETWdaUHdBNis0WHNJbno1WE9xM01QaFI4cncxckhPYmxhaUtJbG14RnZFSTQ2R213TTFoSWJnc3RqNXE3cW4vcUpPOTQra1NZY0xoMFVNZWdIZmUxd2dvdjhzaDRBa0VDVG0ydkFaM2dsQmtoU3RDYTlUTGxJZGJZNHl5RVBkaGNsS3g4SDV0MGdPMXZRN3dWNjdrZG54U3JSM1pCTDdtL3VPNmdPS05zc0p4NjlyN1E0Z2k2cjhMU0RHTVEvekV4bGQzcEJxcjNoV1F3RWdEeVBBclg3Yk5wblFLQlVFV2tneW1wcUpOWkpPRUhQR0I5Rm1obDN5ZVYwS0ZWTlVBdzJWTE95ekJrU1JMVFd3OWl6VlF1eVlpSE8zcHFyMlRjczdBVVJIb2FvcFBwWGRlOTJDeFB5ZllranBEazFlMjRVVWxuUW5tY1g0cGcyUWh1VHJoWVdOc2h0MVNWU0NnanJkamhEdURwUDh6UmtzTFJFaWErUE1YZlhnRFFPOUNLK1B4cEJOZE5aQzR0ZHhpMzYrVElkVjNnQjlIcHU4YmxWTllONjgzdEpuN3c0SXRSSUhzY0NGWnRiTnY4UTdBL0dadEN4UGt3YVFkTkREZSt2RG1ia25yVGtmUEJhYzhzclNhTEJMRGJOcGZmajc4QUx0c0lISStuT1VxRDV1VGI3OTljV2dnNytyMDFw",
      "expirationDate": "20160217T045542Z",
      "proxyEndpoint": "https://124816326400.dkr.ecr.us-east-1.amazonaws.com",
      "proxyEndpointDomain": "124816326400.dkr.ecr.us-east-1.amazonaws.com",
      "username": "AWS",
      "password": "CiBwm0YaISJeRtJm5n1G6uqeekXuoXXPe5UFce9Rq8/ATlASBwEBAgB4cJtGGiEiXkbSZuZ9RurqnnpF7qF1z3uVBXHvUavP9eMAAANpMIIDZQYJKoZIhvcNAQcGoIIDVjCCA1ICAQAwggNLBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDK8n7NCmzGtMOhg0DQIBEICCAxxC++k72avRVvpfUpiwmNoHF1YvNDwjfvhRG9+UO/wv73BQIUUWnE/unlGDKktIs5qnGaJ5Aeu2DOwkIZ8oMiohck8ksbCFA+iXY2I1rcch7fWXDmSgbmyfZ2cMtRl+9GCZMymXIzZEwpa9r9ACu5UsMXXpxJLQUXFNUX+ub0I8E21C7PpEdVBIvnQTUQ5dkmjQjU9DDE31+KOl5x/4cjLyfhmMto0RsQl8ePM9TbEIpVJOcHzY8+NkjJpfDTcvkQBXd4BZQL2kYS8BP/Uy1tl+6qV70hkJJgm0UBrAZxM3AIsORgD7MByYu3fISziXWQG/k5pmUO5ymYXy2pzrqNxg1sEfNkP7FMVKfINzyZ5EIf7MsrJx9qNSNzZX5+U6cI3NvOjGbHIJ6q3F1ud4hSD5w2ED6l6bUkUKAoGg1Jc1imTRpJMeWZZ3J74eMC/ApdLs76YrSRpLUaup4vIB4dFjmgd5lSLKjt4AyF7tKfX8o6jrRKgrFG9tA1eyzumCuz40vSBDKAmV59p+gsbhuhUsqiDMgZPwA6+4XsInz5XOq3MPhR8rw1rHOblaiKIlmxFvEI46GmwM1hIbgstj5q7qn/qJO94+kSYcLh0UMegHfe1wgov8sh4AkECTm2vAZ3glBkhStCa9TLlIdbY4yyEPdhclKx8H5t0gO1vQ7wV67kdnxSrR3ZBL7m/uO6gOKNssJx69r7Q4gi6r8LSDGMQ/zExld3pBqr3hWQwEgDyPArX7bNpnQKBUEWkgympqJNZJOEHPGB9Fmhl3yeV0KFVNUAw2VLOyzBkSRLTWw9izVQuyYiHO3pqr2Tcs7AURHoaopPpXde92CxPyfYkjpDk1e24UUlnQnmcX4pg2QhuTrhYWNsht1SVSCgjrdjhDuDpP8zRksLREia+PMXfXgDQO9CK+PxpBNdNZC4tdxi36+TIdV3gB9Hpu8blVNYN683tJn7w4ItRIHscCFZtbNv8Q7A/GZtCxPkwaQdNDDe+vDmbknrTkfPBac8srSaLBLDbNpffj78ALtsIHI+nOUqD5uTb799cWgg7+r01p"
    }
  ],
  "size": 1
}

REST API v2 resources (complete reference)

This is the complete reference of all resources available. You usually won't interact with most of these outside of administrative automation scenarios (e.g. for scripting) - please see the REST API resources (Identity Federation) for this add-ons actual functionality first.

ResourceURI templatemethodsdescriptionpermissionscomments
Accounts    (warning) You usually won't interact with accounts via the API currently, please see the Connectors resource instead!
 /accountsGET|POSTGet all accounts (IAM users).Administrator 
 /accounts/{id}GET|DELETE|PUTGet an account (IAM user) identified by its id.Administrator 
Connectors    (plus) This is the main resource to interact with currently in order to retrieve temporary AWS security credentials.
 

/connectors

GETGet all AWS connectors.Configurable(info) You only need GET for the intended usage as a token vendor, but POST will be added in a subsequent release regardless.
 /connectors/{id}GETGet an AWS connector identified by its id.Configurable(info) You only need GET for the intended usage as a token vendor, but DELETE|PUT will be added in a subsequent release regardless.
 /connectors/{id}/caller-identityGETGet details about the IAM identity whose credentials are used to call the API.Configurable 
 /connectors/{id}/credentialsGETGet the temporary AWS security credentials via an AWS connector identified by its id.Configurable(lightbulb) This is the main resource to use for calling AWS services in turn.
 /connectors/{id}/console/urlGETGet the URL for SSO with the AWS Management Console via a AWS connector identified by its id.Configurable (info) The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector).
 /connectors/{id}/ecr/credentialsGETGet temporary Amazon ECR authentication credentials via a AWS connector identified by its id.Configurable

Refer to Amazon EC2 Container Registry (Amazon ECR) authentication credentials for details.

  • (lightbulb) In addition to the native AWS API response data, the response also provides the properties proxyEndpointDomain, username and password for convenient usage with the Bamboo Docker task.

Frequently Asked Questions (FAQ)

Atlassian®, Atlassian Bamboo®, Bitbucket®, Atlassian Crowd®, Confluence®, Jira®, Jira Service Management™, Opsgenie®, and Statuspage™ are registered trademarks of Atlassian.
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.

Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.