Identity Federation for AWS 2.9

The Utoolity team is pleased to present Identity Federation for AWS 2.9. This release adds support for Bitbucket and lets you disable the implicit connector visibility for administrators (experimental).

Highlights

Use Identity Federation for AWS in Bitbucket

You can now use Identity Federation for AWS in Bitbucket to gain the following benefits:

  • Federated AWS access for Atlassian users – Add long-term AWS security credentials (IAM users) once, then configure AWS access for Atlassian groups and Bitbucket add-ons with temporary credentials and fine-grained permissions via IAM Policies (Identity Broker)
  • Single sign-on (SSO) to the AWS Management Console – Grant your team SSO access to AWS accounts via the [AWS Management Console Login menu](https://utoolity.atlassian.net/wiki/spaces/IFAWS/pages/107806733/Using+the+AWS+Management+Console+Login+menu)
  • REST API for temporary AWS security credentials – GET temporary AWS security credentials for Bitbucket apps via the REST API (Token Vendor)

Disable implicit connector visibility for administrators (experimental)

You can now disable the implicit connector visibility for administrators via a labs feature flag.

By default, administrators can always edit, see and use all connectors. For all non-administrators, visibility and usage of connectors in the 'AWS Resources' menu, the connector selection widget, and via the REST API is scoped to the selected groups, which allows the delegation of temporary AWS credentials retrieval.

While this behavior properly reflects the security barriers in the Atlassian Server universe (where administrators are generally able to get access to all data one way or another), it turns out to be a usability flaw for scenarios where many users have been granted administrative rights to overcome insufficient permission granularity in the host product (e.g. Bamboo before the permission changes introduced in release 6.2). As a preliminary workaround, this feature flag lets you change the default behavior.

Release notes

For more details about this release, please refer to the Identity Federation for AWS 2.9 Release Notes.