AWS integration

What are Amazon Web Services (AWS)?

AWS is a popular cloud computing platform offering a wide range of services to help businesses and individuals with software development, management, and hosting. The services cater to the needs of distributed systems, high availability and event-driven architectures.

What is AWS Continuous Delivery?

Continuous Delivery on AWS means that the entire software release process between Amazon services is streamlined and automated, allowing for frequent updates of software components in the production environment. Although Amazon offers its own CI/CD tools, such as AWS CodePipeline, introducing Continuous Delivery with Buddy is much easier due to native integrations with its ecosystem, fully visualized pipeline process, and simplified debugging.

On top of running unit tests and building applications, Buddy pipelines let you automate all types of use cases: from deploying source code to S3 buckets, to invoking AWS Lambda functions and provisioning serverless applications with CloudFront.

[Image: Example pipeline with Lambda function and deployment]

Tip
If you didn't find your AWS service on the list, you can still manage it using the AWS CLI action. This way you can perform operations on more specialized services, such as Amazon SQS or AWS Step Functions.

Setting up AWS integration

  1. To get started, navigate to the Integrations tab and click New integration.

  2. Look up and click AWS (it can be found in the IaaS section):

[Image: AWS integration selection]

  3. The configuration window will show up:

[Image: AWS integration configuration]

Here you have to provide:

Hint
You can adjust the privacy settings of your integration (i.e. who can use it and where) in the Sharing tab.

Types of AWS integration

Application integration between your Buddy and AWS account can be performed in three ways:

  1. With access & secret keys.
  2. By assuming a role with permissions to Buddy in the Amazon account.
  3. By using the OIDC identity provider.
Warning
For increased security, we recommend at least delegating permissions with a role from the AWS management console.
Hint
Running Buddy self-hosted? Integrate Amazon SNS/Pinpoint to send and receive messages on pipeline notifications and 2FA messages to your mobile devices.

Access & Secret keys

  1. Log in to your Amazon account and go to IAM → Users.
  2. Click Add a new user and fill in the details. Make sure to check the 'Programmatic access' type.
  3. On the permissions page, switch to 'Attach existing policies directly' and select the policies required for the service you use.
  4. Once the user is created, switch to the Security credentials tab and create an Access Key:

[Image: Security credentials tab]

  5. A pop-up will appear. Make sure to copy the Access key and Secret key:

[Image: Creating access key]

  6. In the application integration window in Buddy, provide the Access and Secret keys that you copied from the AWS console:

[Image: AWS integration configuration with access and secret keys]

Tip
If you want Buddy to assume your delegated role upon logging in with the keys, you can provide the role's ARN and External ID.

[Image: Role assumption in key-based integration]

  7. When the configuration is finished, you can create a pipeline and add the desired actions from the AWS section:

[Image: Adding AWS actions]

Role assumption

  1. Log in to your Amazon account and go to IAM → Roles.
  2. Click Create role:

[Image: Creating role in IAM console]

  3. Select Another AWS account as the type of trusted entity and set the Account ID to: 056014222594

[Image: Creating role for AWS account]

Warning
For additional security, check Require external ID. Make sure to remember the secret as we are going to use it shortly.

  4. Click Next: Permissions to proceed.
  5. Select the policies that you want to assign to Buddy:

[Image: Attaching permissions policies to Buddy]

  6. Click Next: Tags to proceed.
  7. (Optional) Add IAM tags to your role if your workflow requires it:

[Image: Adding IAM tags to role]

  8. Click Next: Review to proceed.
  9. Check if everything is okay and click Create role to finish configuration. Make sure to copy the Role ARN:

[Image: Role review]

  10. In the integration configuration window in Buddy, paste the Role ARN and External ID from the AWS console:

[Image: AWS integration configuration]

  11. You can now add the desired AWS actions to your pipeline:

[Image: AWS actions in Buddy]
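To confirm that the role created in the steps above trusts only the account ID given there and actually enforces the external ID, its trust policy can be checked offline. This is an added example, not Buddy's or AWS's own code; the function name, the sample policies, the external ID value and the second account ID are constructed for illustration.

```python
import json

BUDDY_ACCOUNT_ID = "056014222594"  # account ID from the role-creation step above

def _as_list(value):
    # IAM accepts either a single value or a list in these fields.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, expected_account=BUDDY_ACCOUNT_ID):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not arns:
            continue  # service and federated principals are out of scope here
        for arn in arns:
            parts = arn.split(":")
            # Either a bare account ID or an ARN whose fifth field is the account.
            account = parts[4] if len(parts) > 4 else arn
            if account != expected_account:
                findings.append(f"statement {i}: unexpected principal {arn}")
        # Assumption: only the StringEquals form of the condition is recognised.
        external_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not external_id:
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

# Constructed samples: GOOD has the shape of a cross-account trust policy with an
# external ID; WEAK omits the condition and also trusts a second account.
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::056014222594:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]})
WEAK = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::056014222594:root",
                          "arn:aws:iam::111122223333:root"]},
    "Action": "sts:AssumeRole"}]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_trust_policy(doc) or "ok")
```

For a live role, the document to pass in is the `AssumeRolePolicyDocument` returned by `aws iam get-role`.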

OIDC

To integrate with OIDC, jump to our dedicated article on integrating AWS services with Buddy pipelines over OIDC.

Last modified on Sep 24, 2024