Amazon STS

Adding Amazon Security Token Service (STS) will allow you to configure Amazon Web Services on Buddy on-premises by assuming roles.

Supported services:

The application lets you use an AWS user to assume roles in other AWS accounts to which third parties have given you access.

Create user with role assumption permission

  1. Sign in to the AWS Management Console and open the IAM console at console.aws.amazon.com/iam/.
  2. Head to Users → Add user.
  3. Enter a username and choose the permissions set allowing for role assumption:
     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": "sts:AssumeRole",
           "Resource": "*"
         }
       ]
     }

The process of adding new users to AWS is explained in detail here.

If you want Buddy to assume specific accounts or roles with specific names only, make sure to change Resource to the correct pattern. For example:

"Resource": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/Test*"
  4. Generate and copy the Access and Secret keys for the newly created user – we will need them to add the STS application in Buddy.

Always store sensitive data in a safe place. The best practice is to delete it completely once all steps have been completed.
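
The difference between the `"Resource": "*"` policy from step 3 and the scoped pattern shown after it can be checked mechanically before the policy is attached to the user. The following is an added example, not part of Buddy's or AWS's documentation; the function names and the account ID 111122223333 are assumptions made for illustration.

```python
import fnmatch
import json

# Policy from step 3 above, plus a scoped variant. The account ID is a constructed sample.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0",
  "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"}]}"""
SCOPED_POLICY = PAGE_POLICY.replace('"*"', '"arn:aws:iam::111122223333:role/Test*"')


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def _grants_assume_role(actions):
    # Action names are case-insensitive and may use wildcards ("sts:*", "*").
    return any(fnmatch.fnmatchcase("sts:assumerole", a.lower()) for a in actions)


def audit_assume_role(policy_json):
    """Return (sid, resource, reason) for each over-broad sts:AssumeRole grant.

    Only Allow statements with an Action key are inspected; NotAction and
    Condition blocks are not evaluated.
    """
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        if not _grants_assume_role(_as_list(stmt["Action"])):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for res in _as_list(stmt.get("Resource", [])):
            parts = res.split(":", 5)  # arn:partition:iam::account-id:role/name
            if res == "*":
                findings.append((sid, res, "any role in any account"))
            elif len(parts) != 6 or parts[2] != "iam":
                findings.append((sid, res, "not an IAM role ARN"))
            elif "*" in parts[4] or "?" in parts[4]:
                findings.append((sid, res, "wildcard in account ID"))
            elif parts[5] in ("*", "role/*"):
                findings.append((sid, res, "every role in the account"))
    return findings


if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("scoped policy", SCOPED_POLICY)):
        print(name, "->", audit_assume_role(doc) or "no over-broad AssumeRole grants")
```
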

Configure Amazon STS app in Buddy

  1. Log back in to your Buddy Enterprise workspace as admin.
  2. Click Preferences and head to Standalone settings → Applications.

Alternatively, you can use this link: https://STANDALONE_ADDRESS/settings/apps

  3. Look up the STS app and click Configure.
  4. Paste the Access key ID and Secret access key from the Amazon profile.
  5. Click Save changes and restart the machine to apply the new settings.

Once everything's configured, you will be able to define AWS integrations with role assumption on your on-premises installation.