Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-19721

Use IAM profile to authenticate to S3 for artifact handlers

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Artifacts, AWS
    • None
    • 4
    • 1

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      For the S3 Artifact Handler configuration, we need to provide the AWS key and secret key. These are long-lived access keys which are not allowed by some companies' security policies.

      Furthermore, S3 Artifact Handler can be configured with only a single access key. If elastic/remote agents are running on different AWS accounts, it might be problematic to authorize their access to S3 with the same access key. Using IAM Role is a better solution for such use case.

      Suggested Solution

      Have options of Access Key or IAM profile for S3 authentication.

      Why this is important

      Some security policies prohibit the use of long-lived access keys like AWS keys

            [BAM-19721] Use IAM profile to authenticate to S3 for artifact handlers

            Matthew R added a comment -

            This would be a great if we could authenticate S3 using a IAM profile. This would remove the need for our team to rotate our user access keys as it is a strong requirement by our cyber team to rotate access keys regularly.

            Matthew R added a comment - This would be a great if we could authenticate S3 using a IAM profile. This would remove the need for our team to rotate our user access keys as it is a strong requirement by our cyber team to rotate access keys regularly.

              Unassigned Unassigned
              ezeidan Ellie Z (they/them)
              Votes:
              17 Vote for this issue
              Watchers:
              17 Start watching this issue

                Created:
                Updated: