_PrincipalTypesTable
Principal Type | Explanation | Learn more at AWS |
---|---|---|
Federated User | Yields temporary AWS security credentials for a federated user with the Atlassian user name and an optional IAM Policy (if absent, AWS applies a default) In order to use the Federated User principal type, you need to Grant an IAM Group Permission to Create Temporary Credentials! The following example shows a policy that grants permission to access the AWS STS {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "sts:GetFederationToken",
"Resource": "*"
}]
} Federated User does not allow to access IAM or STS APIs, for example when creating IAM resources via CloudFormation - use or Assume Role for these scenarios instead. | Permissions for GetFederationToken Grant an IAM Group Permission to Create Temporary Credentials |
Assume Role | Yields temporary AWS security credentials for an assumed role with the Atlassian user name and an optional External ID and an optional IAM Policy (if absent, AWS applies a default) In order to use the Assume Role principal type, you need to Grant an IAM Group Permission to Create Temporary Credentials! The following example shows a policy that grants permission to access the AWS STS {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::123123123123:role/UpdateAPP"
}]
} | Grant an IAM Group Permission to Create Temporary Credentials |
Account (IAM User) | Yields temporary AWS security credentials for the selected IAM user (recommended) or AWS account (disadvised) itself Account (IAM User) does not allow to specify IAM policies or distinguish users - use Federated User or Assume Role for these scenarios instead. |
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.