AWS Connection
Learn how to configure an AWS Connection for Infisical.
Infisical supports two methods for connecting to AWS: Assume Role and Access Key.
Infisical will assume the provided role in your AWS account securely, without the need to share any credentials.
Create the Managing User IAM Role for Infisical
- Navigate to the Create IAM Role page in your AWS Console.
- Select AWS Account as the Trusted Entity Type.
- Select Another AWS Account and provide the appropriate Infisical AWS Account ID: use 381492033652 for the US region, and 345594589636 for the EU region. This restricts the role to be assumed only by Infisical. If self-hosting, provide your AWS account number instead.
- (Recommended) Enable “Require external ID” and input your Organization ID to strengthen security and mitigate the confused deputy problem.
When configuring an IAM Role that Infisical will assume, it’s highly recommended to enable the “Require external ID” option and specify your Organization ID.
This precaution helps protect your AWS account against the confused deputy problem, a potential security vulnerability where Infisical could be tricked into performing actions on your behalf by an unauthorized actor.
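The trust policy that the steps above produce, and a review check for it, as an added example that is not Infisical's own code or documentation. It uses the Infisical account IDs from this page; the Organization ID value (`org-example-id`) and the function names are placeholders chosen for illustration.

```python
import json

# Infisical AWS account IDs given on this page, keyed by region.
INFISICAL_ACCOUNT_IDS = {"us": "381492033652", "eu": "345594589636"}


def build_trust_policy(external_id, region="us", principal_account=None):
    """Trust (assume-role) policy for the role Infisical assumes.

    external_id is the Organization ID entered under "Require external ID".
    principal_account overrides the Infisical account for self-hosted setups.
    """
    account = principal_account or INFISICAL_ACCOUNT_IDS[region]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account}:root"},
            "Action": "sts:AssumeRole",
            # The external ID is what stops a confused-deputy abuse of the role.
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def trust_policy_findings(policy, expected_account, expected_external_id):
    """Review an existing trust policy; an empty list means it matches the recommended setup."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRole" not in actions and "sts:*" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if aws == "*" or principal == "*":
            findings.append("assume-role statement trusts any principal (*)")
        elif aws != f"arn:aws:iam::{expected_account}:root":
            findings.append(f"principal {aws!r} is not account {expected_account}")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append("no sts:ExternalId condition: confused deputy mitigation missing")
        elif ext != expected_external_id:
            findings.append("sts:ExternalId does not match the Organization ID")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_trust_policy("org-example-id", region="eu"), indent=2))
```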
Add Required Permissions to the IAM Role
Navigate to your IAM role permissions and click Create Inline Policy.
Depending on your use case, add one or more of the following policies to your IAM Role:
Copy the AWS IAM Role ARN
Set up the AWS Connection in Infisical
- Navigate to the App Connections tab on the Organization Settings page.
- Select the AWS Connection option.
- Select the Assume Role method option, provide the AWS IAM Role ARN obtained from the previous step, and press Connect to AWS.
- Your AWS Connection is now available for use.
To create an AWS Connection, make an API request to the Create AWS Connection API endpoint.
Sample request
Sample response
Infisical will use the provided Access Key ID and Secret Access Key to connect to your AWS account.
Add Required Permissions to the IAM User
Navigate to your IAM user permissions and click Create Inline Policy.
Depending on your use case, add one or more of the following policies to your user:
Obtain Access Key ID and Secret Access Key
Retrieve an AWS Access Key ID and Secret Access Key for your IAM user in IAM > Users > User > Security credentials > Access keys.
Set up the AWS Connection in Infisical
- Navigate to the App Connections tab on the Organization Settings page.
- Select the AWS Connection option.
- Select the Access Key method option, provide the Access Key ID and Secret Access Key obtained from the previous step, and press Connect to AWS.
- Your AWS Connection is now available for use.
To create an AWS Connection, make an API request to the Create AWS Connection API endpoint.
Sample request
Sample response