Create: AWS type

Description

Use a HTTP POST request to create a AWS credential.

Request

HTTP Method: POST

Parameter Description
name Name of the credential.
mode Describes the type of credential (AWS)
team_id ID of Tines Team where the credential will be located.
aws_authentication_type The authentication method with AWS, key-based-access or role-based-access(KEY, ROLE, INSTANCE_PROFILE)
aws_access_key The access key from your AWS Security Credentials
aws_secret_key The access secret from your AWS Security Credentials
aws_assumed_role_arn Required for role-based-access The ARN of the role you wish to assume, e.g.: arn:aws:iam::123456789012:role/write-access-role
folder_id Optional ID of folder to which the credential will be located
read_access Optional Control where this credential can be used (TEAM, GLOBAL, SPECIFIC_TEAMS). default: TEAM. (SPECIFIC_TEAMS is a premium feature. Reach out to find out more.)
shared_team_slugs Optional List of teams' slugs where this credential can be used. Required to set read_access to SPECIFIC_TEAMS. default: [] (empty array).
description Optional Description of the credential. default: "" (empty string)
metadata Optional Key/value metadata relevant to the credential that can be referenced via the INFO path.
allowed_hosts Optional Array of domains where this credential can only be used in HTTP requests. Domain matching supports wildcards.

Sample request

curl -X POST \
  https://<<META.tenant.domain>>/api/v1/user_credentials \
  -H 'content-type: application/json' \
  -H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>' \
  -d '{
        "name": "aws credential",
        "mode": "AWS",
        "team_id": 2,
        "aws_authentication_type": "ROLE",
        "aws_access_key": "v_access_key",
        "aws_secret_key": "v_secret_key",
        "aws_assumed_role_arn": "v_role_arn"
    }'

Response

A successful request will return a JSON object describing the created credential.

Field description

Parameter Description
id credential ID.
name Name of the credential.
mode Describes the type of credential (TEXT, JWT, OAUTH, AWS, MTLS, HTTP_REQUEST_AGENT).
team_id ID of team to which the credential belongs.
folder_id ID of folder to which the credential belongs.
read_access Control where this credential can be used (TEAM, GLOBAL, SPECIFIC_TEAMS).
shared_team_slugs List of teams' slugs where this credential can be used when read_access is SPECIFIC_TEAMS, otherwise empty.
description Description of the credential.
slug An underscored representation of the credential name
created_at ISO 8601 Timestamp representing date and time the credential was created.
updated_at ISO 8601 Timestamp representing date and time the credential was last updated.
aws_assumed_role_external_id External ID generated for the remote role in your AWS account.
aws_authentication_type The authentication method with AWS, key-based-access or role-based-access(KEY, ROLE, INSTANCE_PROFILE)
allowed_hosts Array of domains where this credential can only be used in HTTP requests.
metadata Key/value metadata relevant to the credential

Sample response

{
  "id": 1,
  "name": "tines_api_credential",
  "mode": "AWS",
  "team_id": 2,
  "folder_id": 1,
  "read_access": "TEAM",
  "shared_team_slugs": [],
  "slug": "tines_api_credential",
  "created_at": "2021-03-26T12:34:16.540Z",
  "updated_at": "2021-03-26T12:34:16.540Z",
  "description": "",
  "aws_assumed_role_external_id": "1e52dbcf-3621-4969-9bf6-3fd2699db84b",
  "aws_authentication_type": "ROLE",
  "allowed_hosts": [],
  "metadata": {}
}
Was this helpful?