
How to restrict my IAM user only for Bitbucket ?

dror-arm I'm New Here Apr 01, 2020

Hello,

I created the policy below on AWS to run the pipelines.

But the IP condition list is causing it to fail, in my case on an s3 sync operation.

I've used the list from https://confluence.atlassian.com/bitbucket/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall-343343385.html

Any ideas why?

 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "34.199.54.113/32",
            "34.232.25.90/32",
            "34.232.119.183/32",
            "34.236.25.177/32",
            "35.171.175.212/32",
            "52.54.90.98/32",
            "52.202.195.162/32",
            "52.203.14.55/32",
            "52.204.96.37/32",
            "34.218.156.209/32",
            "34.218.168.212/32",
            "52.41.219.63/32",
            "35.155.178.254/32",
            "35.160.177.10/32",
            "34.216.18.129/32",
            "18.205.93.0/25",
            "18.234.32.128/25",
            "13.52.5.0/25"
          ]
        }
      }
    }
  ]
}

 

 

1 answer

1 accepted

0 votes
Answer accepted
dror-arm I'm New Here Apr 02, 2020

The reason it’s not working, according to AWS support, is that there are internal IPs between services, such as S3. An IP condition on the IAM user will not be enough.

The solution is to use a role which can be assumed by the IAM user with a single permission: to assume that new role.

The Trust section of the role will have only the Bitbucket IPs.

https://aws.amazon.com/premiumsupport/knowledge-center/iam-restrict-calls-ip-addresses/

Integration into the pipeline can be done using assume in boto3 or with:

https://community.atlassian.com/t5/Bitbucket-questions/BitBucket-Pipelines-AWS-Assume-roles/qaq-p/1154514

(Diogo Zedan's answer)
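The setup described in the accepted answer, as an added Python example that is not part of the original post or of any AWS or Atlassian code: the IAM user's only permission is sts:AssumeRole, the IP condition moves into the role's trust policy, and the pipeline assumes the role with boto3. The account ID, role name and user name are placeholders, the CIDR list is a subset of the list in the question, and the role's own permissions policy (for example the S3 access) is assumed to exist and is not shown.

```python
import ipaddress
import json

# Subset of the Bitbucket addresses from the question; use the full list in practice.
BITBUCKET_CIDRS = ["34.199.54.113/32", "18.205.93.0/25", "18.234.32.128/25", "13.52.5.0/25"]
ACCOUNT_ID = "111122223333"        # placeholder account ID
ROLE_NAME = "bitbucket-deploy"     # hypothetical role name
USER_NAME = "bitbucket-pipelines"  # hypothetical IAM user name
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/{ROLE_NAME}"


def user_policy():
    """Identity policy for the IAM user: its single permission is assuming the role."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Resource": ROLE_ARN}]}


def trust_policy():
    """Trust policy of the role: only this user, and only from the listed addresses."""
    return {"Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:user/{USER_NAME}"},
                "Action": "sts:AssumeRole",
                "Condition": {"IpAddress": {"aws:SourceIp": BITBUCKET_CIDRS}}}]}


def source_ip_allowed(ip, policy):
    """Local check of the IpAddress condition, to test a CIDR list before deploying it."""
    cidrs = policy["Statement"][0]["Condition"]["IpAddress"]["aws:SourceIp"]
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in cidrs)


def assume_role_session(role_arn=ROLE_ARN, session_name="bitbucket-pipeline"):
    """Pipeline step: trade the user's keys for temporary credentials of the role."""
    import boto3  # imported here so the policy helpers work without boto3 installed
    creds = boto3.client("sts").assume_role(
        RoleArn=role_arn, RoleSessionName=session_name)["Credentials"]
    return boto3.Session(aws_access_key_id=creds["AccessKeyId"],
                         aws_secret_access_key=creds["SecretAccessKey"],
                         aws_session_token=creds["SessionToken"])


if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(user_policy(), indent=2))
```

Only the sts:AssumeRole call is checked against the source IP here, so later calls made with the temporary credentials are not affected by the internal addresses mentioned in the answer.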
