Delegate permissions with AWS roles
Buddy is the official partner of Amazon Web Services with native integrations to many AWS services. This means you can use Buddy to automate deployments to EC2 instances, S3 buckets, ECS, or Elastic Beanstalk.
Until now, the integration was performed with access and secret keys. With today's release, it is possible to delegate permissions to Buddy with roles in your AWS account. Once you specify the scope of permissions and assign them to Buddy, the service will assume the role and use it to authenticate with your AWS services. This type of integration is much safer when it comes to delegating permissions to external providers. First of all, you can be sure that only the user for whom the role was created will be able to use it. Secondly, the access and secret keys used in the CI/CD process are temporary (usually revoked after 60 minutes).
How it works
- Create and delegate the role for Buddy's AWS account (056014222594). NOTE: The whole process is described in detail in our documentation.
- Provide the role ID when adding a new AWS integration.
- Buddy will generate temporary access and secret tokens for every execution with AWS actions.
There is more
The role assumption mechanism can be chained several times. For example, you can forward the permissions that your client delegated to you to Buddy simply by passing on your account permissions to it. This way you can use Buddy to deploy to your clients' AWS accounts without needing to ask them for authentication credentials and/or invite them to your Buddy workspace.
Role ARN and Role external ID at the bottom of the form.
Jarek Dylewski
Customer Support
A journalist and an SEO specialist trying to find himself in the unforgiving world of coders. Gamer, a non-fiction literature fan and obsessive carnivore. Jarek uses his talents to convert the programming lingo into a cohesive and approachable narration.