AWS Application Integration Setup

PreviousAtlassian Jira Application Integration Setup NextAWS Identity Center Integration Setup

Last updated 1 month ago

Was this helpful?

AWS Application Integration Setup

Getting Started

BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts.

Requirements

Option 1 - Using an IAM Role

IAM Role ARN

Option 2 - Using an IAM User

Access Key ID
Secret Access Key

Getting the configuration

Option 1 - Using an IAM Role

We use an IAM User called balkan-service-user, which assumes the IAM Role provided by you, to connect to your AWS Account.

To create an IAM Role which the balkan-service-user can assume, follow the steps below.

Navigate to the section.
Click "Create role":

Set the "Trusted entity type" to "Custom trust policy" and paste the following policy into the section below it:

Note: If you have a dedicated environment, the Account ID in this trust policy will be different and so you will have to reach out to support@balkan.id for the correct Account ID for your dedicated environment.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowingBalkanIDServiceUser",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::015482169847:user/balkan-service-user"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

In the "Permissions policies" section, filter policies for IAMReadOnlyAccess and select as in image:

In the next section, set the IAM Role Name and Description. The IAM Role Name will be part of the IAM Role ARN. Click "Create role" to create the IAM Role.
Once the IAM Role is created, set the "Maximum session duration" to be 12 hours:

You can copy the ARN from the "ARN" section (just above "Maximum session duration" in the image above).

Option 2 - Using an IAM User

To generate an access key ID and secret access key, follow the steps below.

Click “Add users”:
Add the user and ensure it has Access key - programmatic access credential type checked:
When setting the permissions, use the Attach existing policies directly option, and filter policies for IAMReadOnlyAccess and select as in image:
Click “Create User”:
Copy the Access key ID and Secret access key as below:

Configure AWS in your BalkanID tenant

Login to the BalkanID application and switch to the tenant you would like to add your integration to.
Head to Integrations > Third Party Applications and click Add Integration, select AWS. Set up the Primary Application owner and the Description, if any.
AWS would have been added to the list of applications. Click on the Configure and Integrate button beside the integration name, and configure the fields with the values that were noted prior. It should look like this:
Once you filled in the information, click Save changes. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the Integrations page. Integrations are synced daily. When data is available, the integration Status column will read Connected and the integration Message will read Data available.