AWS

​

Creating an AWS connection​

​

Method 1: AWS Assume Role​

1. In your AWS account, create a new AWS role.

2. Set up your trusted identity to allow Blink AWS account permission to assume your role, using Blink’s account ID: 508219855436. Select the Require external ID checkbox > Fill in the External ID provided in the connection creation in step 1.

   Configuration in AWS screenshot

3. In the Blink platform, add the permissions required for your AWS actions.

4. Create the connection by completing the My Connection form, filling in the created Role’s ARN.

​

Method 2: AWS Assume Role + Key​

This authentication method should be used when:

1. You prefer to connect Blink to your account using an access key (similar to method #3).
2. Unlike method #3, the permissions you want to grant in Blink are not assigned directly to the access key’s identity, but instead to an AWS role.

To use this option, first follow the steps in method #3 to create an access key. Then, proceed with the steps in method #1 to create a role and associate it with the access key’s identity.

​

Advanced connection options​

​

Method 3: AWS Access Key​

To create an access key and secret access key, follow these instructions.

​

Method 4: Connection by Runner’s Identity​

You can perform authenticated AWS actions by assigning a role to a self-hosted Blink Runner.

To configure this authentication method, follow these steps:

1. If you haven’t already, install a self-hosted Blink runner within your AWS environment.

2. Assign an AWS role to your runner, using one of these methods:

3. Assign an AWS role to your Runner, using one of these methods:

   • For an EC2 Based Runner, assign a role to the EC2 instance.
   • For a K8S Based Runner, assign the role to the pod’s service account.

4. In a Blink workflow, use AWS steps without specifying a particular connection (leave the connection dropdown unselected) to leverage identity-based authentication.

​

Security Best Practices​