Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,361,718
Community Members
 
Community Events
168
Community Groups

How to secure AWS credentials by Projects

I have added AWS credentials in Bamboo for code deployment. This credentials is shared to all other deployment projects.

But, I want restrict only for certain deployment projects. How could I do that?

I checked this link, https://confluence.atlassian.com/bamboo/shared-credentials-424313357.html#Sharedcredentials-edit_shared_credentials

It says I could edit, add or delete the credentials. I want to make it available for only certain projects.



 

1 answer

1 accepted

2 votes
Answer accepted

I'm afraid Bamboo shared credentials do not support such granular scopes at this point - please watch and vote for the following issues to in increase Atlassian's priority for these improvements:

Potential workaround

Depending on your specific requirements, you may be able to work around the problem via user groups and a third-party app as follows:

  1. Reuse/Create an appropriate group that restricts deployment permissions to applicable users as desired.
  2. Rather than using Bamboo's native shared AWS credentials feature, you could use our (commercial) Identity Federation for AWS (Bamboo) app where you can scope AWS credentials by user group, which has the following benefits and constraints:

Thanks @Steffen Opel _Utoolity_ 

I did vote for that JIRA ticket. Meanwhile I saw a plugin from Utoolity to inject temporary AWS credentials.

Will it help for code deployment?


Like Steffen Opel _Utoolity_ likes this

Hi @Purushothaman_Anbazhagan

I've updated my answer with a potential workaround based on our Identity Federation for AWS (Bamboo) app, which you can also 'just' use standalone to manage and use AWS credentials - conceptually it is a 'shared' app though and bundled for free with our other AWS integrations (works automatically), like the one you linked:

Depending on your scenario, Tasks for AWS (Bamboo) should indeed be able to help with code deployments, insofar its main feature set allows to provision and operate Amazon Web Services resources from Bamboo build and deployment projects. You can always try it for free and see whether it matches your requirements.

Cheers,
Steffen

Like # people like this

Thanks @Steffen Opel _Utoolity_ 

Let me check this out!

Cheers,
Purushothaman


Hi All,  @Steffen Opel _Utoolity_ @Purushothaman Anbazhagan 

Thanks for the info. My question is also related to Identity Federation for AWS and how to use temporary AWS credentials in Tasks for AWS(Bamboo). 

We want to use Bamboo running on-premise which does the build and then, via, SAML/Active Directory to obtain temporary credentials, then assume AWS provisioned cd-deploy role to fulfill the deployment. 

We just installed Free Trial of Tasks for AWS (Bamboo) which includes Identity Federation for AWS, but I am not seeing any related section with hints to connect to SAML iDP to get the temp credentials. 

Any recommendations? 

Thanks

Shao

Hi @Shao Cai,

Welcome to the Atlassian Community!

I see that you have meanwhile asked this as a dedicated question About SAML 2.0-based Federation and Bamboo's solution for AWS deployment (very helpful, thanks!), so I'll provide an answer there later today.

Cheers,
Steffen

Thanks Steffen, we want to explore more CI/CD tools except Jenkins, Bamboo is the one we are looking at as we are already using other Atlassian tool suites. If you want more info, I will be happy to discuss. Thanks 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 9.0 is now available

Hey there, Data Center community! I'm Martyna Wojtas and I am the Product Manager for Bamboo Data Center. I’m excited to share that Bamboo 9.0 is now available. We purpose-built this platform to help...

317 views 0 7
Read article

Atlassian Community Events