How do I configure roles to deploy my solution with the AWS Service Management Connector for Jira Service Desk?
Last updated: 2020-08-05
I want my Jira Service Desk end users to provision AWS resources from Atlassian's Jira Service Desk. How do I set up the AWS Service Management Connector to achieve this?
To allow end users to deploy AWS solutions from Atlassian's Jira Service Desk, administrators must set up baseline permissions in each AWS account by deploying the AWS CloudFormation template for either the AWS Commercial Regions or AWS GovCloud (US-West) AWS Region.
Note: The following steps assume that you already have the AWS Service Management Connector for Jira Service Desk installed in Jira.
Deploy the AWS CloudFormation template for baseline permissions
- Download the AWS CloudFormation template for either the AWS Commercial or AWS GovCloud (US-West) Region. To download the templates, see Baseline permissions, and download either Connector for Jira Service Desk v1.5.0 - AWS Commercial Regions or Connector for Jira Service Desk v1.5.0 - AWS GovCloud West Region.
- Open the AWS CloudFormation console, and then choose Create stack.
- In the Specify template section, for Template source, choose Upload a template file.
- For Upload a template file, choose Choose file, and then provide the path to the downloaded template file from step 1.
- Choose Next.
- On the Specify stack details page, for Stack name, enter a stack name (such as JSDConnectorStack).
- In the Parameters section, for Roles, choose true or false for the Enable Stack Set roles option depending on whether you want to launch products with AWS CloudFormation StackSets.
Note: If you already created AWS CloudFormation StackSet administration and execution roles or you don't intend to launch products with AWS CloudFormation StackSets, then you can leave the value of Roles set to false.
- On the Configure stack options page, choose Next.
- On the Review page, select the I acknowledge that AWS CloudFormation might create IAM resources with custom names check box.
- Choose Create Stack.
- After the stack reaches the CREATE_COMPLETE state, choose your stack, and then choose the Outputs tab to view the access key and corresponding secret keys of the SCEndUser and SCSyncUser AWS Identity and Access Management (IAM) users.
Note: You will need these keys to configure the connector from Jira Service Desk later on.
Configure AWS accounts and Regions in Jira Service Desk
Important: The following steps are for Jira Service Desk Server and Data Center versions, referenced in Jira Service Desk supported versions and releases. For the corresponding steps in Jira Service Desk Cloud, see Integrate Jira Service Desk Cloud with AWS Service Catalog on the Jira Service Desk Support website.
- In Jira Service Desk, choose the Jira administration icon, and then choose Manage apps.
- In the navigation pane, in the AWS SERVICE CATALOG section, choose AWS accounts.
- Choose Connect new account.
- Provide an alias for the AWS account that you're connecting to.
- Enter the access key and secret key corresponding to the SCSyncUser and SCEndUser that you created earlier in your AWS CloudFormation stack.
Note: To find the access key and secret key values in the AWS CloudFormation console, choose your stack, and then choose the Outputs tab.
- Add AWS Regions containing AWS Service Catalog products and portfolios that you want available in Jira Service Desk.
- To validate the configuration, choose Test Connectivity.
- To save the account connection after establishing a successful connection, choose Connect.
Troubleshoot connectivity issues
If the connectivity test fails, you can receive either of the following errors:
- Unable to access products as admin, with SC Sync User. This error indicates that the credentials entered for the SC Sync User didn't contain the required permissions to access Service Catalog details in the account. To resolve this error, confirm that the access keys of the SC Sync User match the access keys of the SC End Users, and correspond to the access keys lists in the Outputs tab of your AWS CloudFormation stack.
- Unable to retrieve basic account ID info for SC Sync User or SC End User. This error indicates that the SC Sync or SC End User can't authenticate with IAM. To resolve this issue, verify that user access keys are entered correctly. Also, verify that user access keys haven't been replaced or revoked in IAM.