
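Integration Service user guide

Last updated Oct 14, 2025

Amazon Web Services authentication

Prerequisites

To create a connection, you need to provide the following credentials:
  • For the Access key authentication method:
    • Access key ID (the access key used to connect to Amazon Web Services)
    • Secret access key (the secret key used to connect to Amazon Web Services)
    • Temporary session token (used to create the AWS client session)
    • Region (specifies the AWS region to connect to)
  • For the Access key assume role authentication method:
    • Access key ID (the access key used to connect to Amazon Web Services)
    • Secret access key (the secret key used to connect to Amazon Web Services)
    • IAM role (specifies the name of the IAM role)
    • Temporary session token (used to create the AWS client session)
    • Region (specifies the AWS region to connect to)
  • For the UiPath Managed Cross-Account Assume Role authentication method:
    • IAM role ARN
    • External ID
    • Region (specifies the AWS region to connect to)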

Creating an Access key assume role connection

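To create an Access key assume role connection, first take the following steps:

  1. Navigate to AWS console > IAM > Roles.
  2. Select Create role.
  3. Select Custom trust policy.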
  4. Attach the custom trust policy, as shown in the following code section:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "<user ARN>"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
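  5. Add the permissions that need to be assigned to the user.
  6. Fill in all required details, then select Create.
  7. The UiPath robot running the automation must be deployed on an AWS EC2 instance that has the specified IAM role attached, as described here.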

Creating a UiPath Managed Cross-Account Assume Role connection

This type of connection uses temporary STS credentials instead of long-term IAM keys to securely access AWS resources (S3, EC2, DynamoDB, Bedrock). You only need to provide minimal inputs and complete a one-time AWS account setup; no IAM access keys or secrets are required.

UiPath will create and manage a different IAM user per customer, guaranteeing that the AWS access will be isolated at the UiPath organisation level.

Note:

This authentication method supports only one role per customer. You can use the role to create multiple connections, but you cannot create multiple IAM roles for multiple connections.

To create a connection:

  1. Provide the ARN of the IAM Role that UiPath should assume.

    This Role ARN will be incorporated into an IAM user's permissions policy. The IAM user is created and managed by UiPath specifically and isolated for each customer.

  2. Configure the IAM role's trust policy.

    Update the IAM Role trust policy to allow assumption by UiPath’s IAM user.

    • UiPath will share the ARN of its IAM user created specifically for your customer account.
    • You must add the UiPath IAM user ARN into the Principal element of the role’s trust policy.
    • We require an External ID as an extra safeguard in third-party access scenarios and to help prevent the confused deputy problem. This can be any string of your choosing. To configure it, add a condition with sts:ExternalId as in the example below. The External ID is passed to UiPath when you create the Integration Service connection.

      Example policy format:

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Principal": {
                      "AWS": "<UiPath IAM user ARN>"
                  },
                  "Action": "sts:AssumeRole",
                  "Condition": {
                      "StringEquals": {
                          "sts:ExternalId": "<your External Id>"
                      }
                  }
              }
          ]
      }
  3. Configure IAM role’s permission policies.

    For example:

    • S3: List/Get/Put on specific buckets.
    • Bedrock: InvokeModel, InvokeModelWithResponseStream.
    Important:

    The IAM role must be granted the minimum set of permissions required for your specific use case. For example, if the use case involves reading objects from an S3 bucket, the role should only have read-only access to that specific bucket. A sample policy for such a use case would look as follows:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::your-bucket-name",
            "arn:aws:s3:::your-bucket-name/*"
          ]
        }
      ]
    }
  4. Add the Amazon Web Services connection in Integration Service.
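
A pre-flight check for steps 2 and 3, as an added example that is not UiPath's or AWS's own code: it audits a trust policy for the exact principal and the sts:ExternalId condition, and a permission policy for wildcards. The ARN, the External ID and all function names are constructed for illustration.

```python
# Constructed sample value; the real ARN is the one UiPath shares with you.
UIPATH_USER_ARN = "arn:aws:iam::111122223333:user/example-uipath-user"

def _as_list(value):
    """IAM accepts either a single string or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_principal):
    """Return findings for a role trust policy used for third-party access."""
    findings = []
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action", []))]
    if not allows:
        findings.append("no Allow statement for sts:AssumeRole")
    for stmt in allows:
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if aws != [expected_principal]:
            findings.append("principal is not exactly the expected IAM user")
        # Assumption: only the StringEquals form shown on the page is accepted.
        if not stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            findings.append("missing sts:ExternalId condition")
    return findings

def audit_permission_policy(policy):
    """Flag wildcard actions or resources in Allow statements."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        findings += ["wildcard action: " + a for a in _as_list(stmt.get("Action", []))
                     if a == "*" or a.endswith(":*")]
        findings += ["wildcard resource" for r in _as_list(stmt.get("Resource", []))
                     if r == "*"]
    return findings

def trust_policy(principal, external_id=None):
    """Build a trust policy in the page's format (constructed test input)."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "sts:AssumeRole"}
    if external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

if __name__ == "__main__":
    # A policy without the condition is flagged; one with it passes.
    print(audit_trust_policy(trust_policy(UIPATH_USER_ARN), UIPATH_USER_ARN))
    print(audit_trust_policy(trust_policy(UIPATH_USER_ARN, "example-external-id"), UIPATH_USER_ARN))
```
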

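Adding the connection

To create a connection to your Amazon Web Services instance, take the following steps:
  1. Select Integration Service from the left rail.
  2. From the Connectors list, select Amazon Web Services. You can also use the search bar to narrow down the connector.
  3. Select the Connect to Amazon Web Services button.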
  4. From the Authentication Type field, select one of the three options: Access key, Access key assume role, or UiPath Managed Cross Account Assume Role. By default, Access key is selected.


  5. Enter the credentials required for your preferred authentication method, then select Connect.

  6. Your connection has been added.
