Using Identity Federation for AWS
- Steffen Opel [Utoolity]
- Jana Lehmann [Utoolity]
- Henrik Opel [Utoolity]
Identity Federation for AWS is an Amazon Web Services (AWS) integration app that provides temporary AWS security credentials for your Atlassian DevOps workflows – enable single sign-on (SSO) to the AWS Management Console with deep links to AWS resources for users, and grant fine-grained access permissions for Amazon Web Services resources via Identity and Access Management (IAM) policies for other apps via a REST API.
Getting started
Ensure there is at least one AWS Connector available – refer to Providing AWS Security Credentials for details.
(Optional) Provision dedicated AWS resources for the integrations you intend to use (you can also reuse existing AWS resources) – refer to Provisioning AWS Resources for details.
Use the provided CloudFormation Templates to provision AWS resources.Start federating with the available integrations.
Using Integrations
Jira
Use the following integrations in Jira:
-
Using the AWS Resource link in Jira — Use the AWS Resource link to create deep links with optional single sign-on (SSO) to the AWS Management Console.
-
Using the AWS Management Console Login gadget — Use the AWS Management Console Login gadget to provide single sign-on (SSO) links to your users for each AWS Connector they have access to. They can use this gadget outside of Jira and Bamboo (e.g. on Confluence pages) and configure it to show all or a desired subset of the available links.
-
Using the AWS Management Console Login menu — Use the AWS Management Console Login menu to provide single sign-on (SSO) links to your users for each AWS Connector they have access to. These links will appear automatically within Jira or Bamboo and require no further configuration.
Bamboo
Use the following integrations in Bamboo:
-
Using the Amazon ECR Credentials Variables task in Bamboo — Use the Amazon ECR Credentials Variables task to provide temporary Amazon Elastic Container Registry (Amazon ECR) authentication credentials for other tools by injecting them into AWS unaware tasks like the Bamboo Docker task. This improves versatility for using tools that are not directly integrated with Identity Federation for AWS, but accept AWS credentials via the command line, environment variables or the Bamboo task interface.
-
Using the AWS Credentials Variables task in Bamboo — Use the AWS Credentials Variables task to provide managed temporary AWS security credentials for other tools by injecting them into AWS unaware tasks like the Bamboo Script task. This improves versatility for using tools that are not directly integrated with Identity Federation for AWS, but accept AWS credentials via the command line, environment variables or the Bamboo task configuration interface.
-
Using the AWS Security Credentials dialog — Use the AWS Security Credentials dialog to generate temporary AWS security credentials on demand so that you can validate the IAM policy configuration, or provide the credentials to other tools and services for the configured duration. The dialog allows you to copy the credential elements as individual values, and it also provides code templates with applicable AWS CLI environment variables for Shell, PowerShell, and CMD usage, as well as a named profile fragment for the AWS credentials file.
-
Using the AWS CodeCommit web repository viewer in Bamboo — Use the AWS CodeCommit web repository viewer to click through with optional single sign-on (SSO) to commits and diffs in the AWS CodeCommit console from your builds and deployments.
-
Using the AWS Management Console Login gadget — Use the AWS Management Console Login gadget to provide single sign-on (SSO) links to your users for each AWS Connector they have access to. They can use this gadget outside of Jira and Bamboo (e.g. on Confluence pages) and configure it to show all or a desired subset of the available links.
-
Using the AWS Management Console Login menu — Use the AWS Management Console Login menu to provide single sign-on (SSO) links to your users for each AWS Connector they have access to. These links will appear automatically within Jira or Bamboo and require no further configuration.
How-to Articles
Frequently Asked Questions (FAQ)
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.