I have a requirement where I am doing a Secrets Manager lookup from AWS using a specific IAM user role. This IAM user role's keys rotate once a month, so the AWS access key and secret ID keep changing.
How do I assume this role, or how do I access these variables from AWS, without defining the variables as Bitbucket environment variables?
Please note, this is a continuation of ticket BBS-156098, if you need more context.
@Nandini Vaiyapuri thanks for your question.
We have a similar workflow, but this is the responsibility of a Lambda function, the stage of setting values.
You can also retrieve the secrets from the pipeline; it is also isolated. But for that you need a separate user accessing the secrets and permissions for it (or a role if you want, it depends on how you set up the permissions policy).
Also, I would recommend investigating how you encrypt and decrypt such sensitive info, adding double protection, because it is very sensitive info.
Here are the AWS best practices for AWS Secrets Manager: https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html
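As an added illustration of the "separate user or role with its own permissions" advice in the answer above (not code from the thread, Atlassian or AWS): a Python sketch that builds a read-only policy scoped to one secret and flags statements broader than that. The ARN, the `READ_ACTIONS` set and the function names are assumptions made for the example.

```python
import json

# Constructed placeholder ARN (not from the thread); use the real secret's ARN.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:pipeline/app-AbCdEf"
READ_ACTIONS = ("secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret")

def read_only_secret_policy(secret_arn):
    """Identity policy for the pipeline's user or role: read one secret, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadOnePipelineSecret",
            "Effect": "Allow",
            "Action": list(READ_ACTIONS),
            "Resource": secret_arn,
        }],
    }

def _as_list(value):
    # IAM accepts a single string or object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return findings for Allow statements broader than a single-secret read."""
    allowed = {a.lower() for a in READ_ACTIONS}  # IAM action names are case-insensitive
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif action.lower() not in allowed:
                findings.append(f"statement {i}: action {action!r} is outside the read-only set")
        for resource in _as_list(stmt.get("Resource", [])):
            if "*" in resource:
                findings.append(f"statement {i}: wildcard resource {resource!r}")
    return findings

if __name__ == "__main__":
    print(json.dumps(read_only_secret_policy(SECRET_ARN), indent=2))
    too_broad = {"Statement": {"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}}
    for finding in audit_policy(too_broad):
        print("FINDING:", finding)
```

Running the audit over a policy before attaching it to the pipeline's user or role shows whether a leaked credential could reach more than the one secret.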
@Nandini Vaiyapuri anyway, you will have a connection from AWS to Bitbucket or the opposite, from Bitbucket to AWS.
So you need to protect this communication somehow. If you initiate the connection to Bitbucket from the AWS rotation, we recommend creating appropriate, very limited access.
There are limited passwords and tokens; consider which of them you need exactly.
Here are the Bitbucket authentication docs