AWS amazonq medium security documentation change
Summary
Added detailed Atlassian admin authentication requirements and API credential management
Security assessment
Introduces mandatory admin credential requirements to ensure proper access controls for user/group synchronization. Addresses potential security gap where insufficient permissions could lead to incomplete data synchronization
Diff
diff --git a/amazonq/latest/qbusiness-ug/confluence-cloud-credentials-basic.md b/amazonq/latest/qbusiness-ug/confluence-cloud-credentials-basic.md index a1fa49df0..990ce742a 100644 --- a//amazonq/latest/qbusiness-ug/confluence-cloud-credentials-basic.md +++ b//amazonq/latest/qbusiness-ug/confluence-cloud-credentials-basic.md @@ -4,0 +5,2 @@ +Atlassian Admin Authentication + @@ -37,0 +40,64 @@ For more information, see [Manage API tokens for your Atlassian account](https:/ +## Atlassian Admin Authentication + +To ensure Amazon Q can access all user and group information from your Confluence (Cloud) instance, you must provide Atlassian admin credentials. These credentials allow Amazon Q to sync user information regardless of individual email visibility settings. + +### Get your Atlassian admin credentials + + 1. Sign in to the [Atlassian admin portal](https://admin.atlassian.com/) with administrator permissions. + + 2. Open the Administration app for your organization. The URL should look like: `https://admin.atlassian.com/o/{ORGANIZATION-UUID}/overview` + + 3. Choose **Settings** , then choose **API Keys**. + + 4. Choose **Create API key**. + + 5. Select all available scopes for the API key. + +Note that the Confluence APIs that fetch user and group information require full scope access. + + 6. Copy and save both the **Organization ID** and **API Key**. Note that API keys expire. Monitor the expiration date and update your data source credentials before the key expires. + + + + +### Get your Directory ID + + 1. Use the Atlassian Admin Workspace API to get your Directory ID. Run the following command: + + curl --request POST \ + --url 'https://api.atlassian.com/admin/v2/orgs/{ORGANIZATION-ID}/workspaces' \ + --header 'Authorization: Bearer {API-KEY}' \ + --header 'Accept: application/json' \ + --header 'Content-Type: application/json' + + + 2. In the API response, find the workspace entry that matches your Confluence Cloud instance. Look for `"type": "Confluence"`. Verify the workspace name matches your instance and then copy the directory value from the attributes section. If your instance isn't listed, use the pagination cursor in the `links.next` field to view additional pages. + + curl --request POST \ + --url 'https://api.atlassian.com/admin/v2/orgs/{ORGANIZATION-ID}/workspaces' \ + --header 'Authorization: Bearer {API-KEY}' \ + --header 'Accept: application/json' \ + --header 'Content-Type: application/json' \ + --data '{"cursor": "{NEXT-PAGE-TOKEN}"}' + + + + + +### Update your Confluence data source + +When creating or updating your Confluence Cloud data source, provide these three values in your AWS Secrets Manager secret: + + 1. Admin API Key + + 2. Organization ID + + 3. Directory ID + + + + +For more information about Atlassian admin API scopes, see [Atlassian API scopes documentation](https://developer.atlassian.com/cloud/admin/scopes/). + +For API details, see [Atlassian Admin Workspace API reference](https://developer.atlassian.com/cloud/admin/organization/rest/api-group-workspaces/#api-group-workspaces). +