Generate CFN + Terraform bootstrap artifacts for an AWS IAM Identity Center role

POST /v1/integrations/aws-identity-center/bootstrap-template
curl --request POST \
--url https://example.com/v1/integrations/aws-identity-center/bootstrap-template \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--header 'X-Tenant-ID: 2489E9AD-2EE2-8E00-8EC9-32D5F69181C0' \
--data '{ "aws_account_id": "123456789012", "sso_instance_arn": "arn:aws:sso:::instance/ssoins-abcdef0123456789", "region": "us-east-1" }'
Header parameter

X-Tenant-ID (required; string, format: uuid)
Tenant identifier. Must match the tenant associated with the credential. Returns 403 tenant_mismatch if the credential and header belong to different tenants.

Request body (media type application/json), object:

aws_account_id (required; string, pattern /^[0-9]{12}$/)
Example: 123456789012

sso_instance_arn (required; string, pattern /^arn:aws:sso:::instance/ssoins-[0-9a-f]+$/)
Example: arn:aws:sso:::instance/ssoins-abcdef0123456789

region (required; string)
Example: us-east-1

Rendered bootstrap artifacts

Response body (media type application/json), object:

cloudformation_yaml (required; string)
Full CFN YAML body, UTF-8.

terraform_hcl (required; string)
Full Terraform HCL body, UTF-8.

launch_stack_url (required; string, format: uri)
AWS console deep-link to launch the stack.

external_ids (required; Array<string>)
Array of trusted ExternalIds. One element at steady state, two during rotation.

Example (generated):
{
  "cloudformation_yaml": "example",
  "terraform_hcl": "example",
  "launch_stack_url": "https://example.com",
  "external_ids": [
    "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"
  ]
}

Invalid input

Response body (media type application/json), object:

code (required; string)
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).

message (required; string)
Human-readable description of the error.

details (optional; object, additional properties of any type)
Optional additional context about the error.

notices (optional; Array<string>)
Policy notices produced while evaluating Cedar rules, if applicable.

Example (generated):
{
  "code": "example",
  "message": "example",
  "details": {},
  "notices": [
    "example"
  ]
}

Unauthenticated

Response body (media type application/json), object:

code (required; string)
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).

message (required; string)
Human-readable description of the error.

details (optional; object, additional properties of any type)
Optional additional context about the error.

notices (optional; Array<string>)
Policy notices produced while evaluating Cedar rules, if applicable.

Example (generated):
{
  "code": "example",
  "message": "example",
  "details": {},
  "notices": [
    "example"
  ]
}
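The following is an added client-side example, not the API vendor's SDK or any code from this page. It builds the request described above (validating aws_account_id and sso_instance_arn with the page's own patterns and X-Tenant-ID as a UUID before anything is sent), parses the success body into a typed record that distinguishes steady state from ExternalId rotation, and maps the error body (including the 403 tenant_mismatch case) to an exception. The base URL, token, tenant id, the region pattern, the assumption that success is any 2xx status, and the sample bodies are constructed values or assumptions; so is the final consistency check, which assumes the rendered templates embed the trusted ExternalIds.

```python
"""Client-side helpers for POST /v1/integrations/aws-identity-center/bootstrap-template.

Added example, not the API vendor's SDK. Base URL, token, tenant id and the
sample bodies below are constructed; field names and patterns are from this page.
"""
import json
import re
import uuid
from dataclasses import dataclass
from urllib.parse import urlsplit

PATH = "/v1/integrations/aws-identity-center/bootstrap-template"

# Patterns copied from the request schema.
ACCOUNT_ID_RE = re.compile(r"^[0-9]{12}$")
SSO_INSTANCE_ARN_RE = re.compile(r"^arn:aws:sso:::instance/ssoins-[0-9a-f]+$")
# The page gives no pattern for region; this loose shape check is an assumption.
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-[0-9]$")


class BootstrapError(Exception):
    """Error response (Invalid input, Unauthenticated, tenant_mismatch, ...)."""

    def __init__(self, status, code, message, notices=None):
        super().__init__(f"{status} {code}: {message}")
        self.status = status
        self.code = code
        self.notices = list(notices or [])


def build_request(base_url, token, tenant_id, aws_account_id, sso_instance_arn, region):
    """Validate inputs locally and return (url, headers, body) for any HTTP client.

    Mirroring the server's schema makes a typo fail here instead of costing a
    round trip that ends in "Invalid input".
    """
    if not ACCOUNT_ID_RE.match(aws_account_id):
        raise ValueError("aws_account_id must be exactly 12 digits")
    if not SSO_INSTANCE_ARN_RE.match(sso_instance_arn):
        raise ValueError("sso_instance_arn must match arn:aws:sso:::instance/ssoins-<hex>")
    if not REGION_RE.match(region):
        raise ValueError("region does not look like an AWS region name")
    uuid.UUID(tenant_id)  # X-Tenant-ID is format: uuid; raises ValueError if malformed
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json",
               "X-Tenant-ID": tenant_id}
    body = {"aws_account_id": aws_account_id,
            "sso_instance_arn": sso_instance_arn,
            "region": region}
    return base_url.rstrip("/") + PATH, headers, body


@dataclass(frozen=True)
class BootstrapArtifacts:
    cloudformation_yaml: str
    terraform_hcl: str
    launch_stack_url: str
    external_ids: tuple
    rotating: bool  # True while two ExternalIds are trusted at once


REQUIRED_FIELDS = ("cloudformation_yaml", "terraform_hcl", "launch_stack_url", "external_ids")


def parse_response(status, body_text):
    """Turn (HTTP status, raw JSON body) into BootstrapArtifacts, or raise.

    Any non-2xx status is treated as the error object documented on this page
    (assumption: the success status is 2xx).
    """
    body = json.loads(body_text)
    if not 200 <= status < 300:
        raise BootstrapError(status, body.get("code", "unknown"),
                             body.get("message", ""), body.get("notices"))
    missing = [k for k in REQUIRED_FIELDS if k not in body]
    if missing:
        raise ValueError(f"response missing required fields: {missing}")
    ids = body["external_ids"]
    # One ExternalId at steady state, two during rotation; anything else is surfaced, not ignored.
    if (not isinstance(ids, list) or len(ids) not in (1, 2)
            or not all(isinstance(x, str) and x for x in ids)):
        raise ValueError("external_ids must hold one or two non-empty strings")
    if urlsplit(body["launch_stack_url"]).scheme != "https":
        raise ValueError("launch_stack_url must be an https URL")
    return BootstrapArtifacts(body["cloudformation_yaml"], body["terraform_hcl"],
                              body["launch_stack_url"], tuple(ids), len(ids) == 2)


def external_ids_embedded(artifacts):
    """Consistency check: every trusted ExternalId appears in both rendered bodies.

    Assumes (not stated on the page) that the templates embed the ExternalIds in
    the role's trust policy; returns False if any id is missing from either body.
    """
    return all(eid in artifacts.cloudformation_yaml and eid in artifacts.terraform_hcl
               for eid in artifacts.external_ids)


# Constructed sample bodies, shaped like the page's generated examples.
SAMPLE_OK = json.dumps({
    "cloudformation_yaml": "Condition:\n  StringEquals:\n    sts:ExternalId: [EXT-1, EXT-2]\n",
    "terraform_hcl": 'condition { values = ["EXT-1", "EXT-2"] }\n',
    "launch_stack_url": "https://example.com/launch",
    "external_ids": ["EXT-1", "EXT-2"],
})
SAMPLE_TENANT_MISMATCH = json.dumps({
    "code": "tenant_mismatch",
    "message": "credential and X-Tenant-ID belong to different tenants",
})

if __name__ == "__main__":
    url, headers, body = build_request("https://example.com", "<token>",
                                       "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "123456789012",
                                       "arn:aws:sso:::instance/ssoins-abcdef0123456789", "us-east-1")
    print(url, headers["X-Tenant-ID"], body)
    art = parse_response(200, SAMPLE_OK)
    print("rotating:", art.rotating, "ids embedded:", external_ids_embedded(art))
    try:
        parse_response(403, SAMPLE_TENANT_MISMATCH)
    except BootstrapError as e:
        print("error:", e.code)
```

Treating a two-element external_ids array as a distinct "rotating" state matters operationally: a deployment pipeline that always takes element zero would silently drop the new ExternalId mid-rotation, so the record exposes both the tuple and the flag and lets the caller decide how to roll the trust policy forward.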