Step 1: Generate an Atlassian API token Step 2: (For ACLs) Get Atlassian organization admin credentials Step 3: Create the Secrets Manager secret Next steps

Set up Basic authentication for Confluence

Basic authentication (BASIC) is the recommended authentication method for a Confluence data source. The connector signs in with the email address of a Confluence user and an Atlassian API token (used in place of a password). It is the only authentication method that supports document-level access control (ACLs); ACLs also require Atlassian organization admin credentials in the same secret.

Step 1: Generate an Atlassian API token

Use the Confluence user account whose access you want the connector to use. The account must have access to all the spaces, pages, and blog posts you want to crawl.

Sign in to id.atlassian.com with the Confluence user account.
Choose Create API token, enter a label, and choose Create.
Copy the API token immediately and store it securely. The token is shown only once.

For more information, see Manage API tokens for your Atlassian account on the Atlassian website.

Step 2: (For ACLs) Get Atlassian organization admin credentials

Skip this step if you do not plan to enable document-level access control.

Document-level access control requires Atlassian organization admin credentials in addition to the user-level API token. Admin credentials let Amazon Bedrock resolve user and group memberships from your organization, regardless of individual email visibility settings. The admin credentials are different from the user API token and must come from an Atlassian organization administrator.

You need three values:

Atlassian organization admin values
Value	How to obtain it
`adminApiKey`	An Atlassian organization API key with the `read:directories:admin` and `read:workspaces:admin` scopes. Generate it at `admin.atlassian.com` under Settings → API keys (org admin only).
`organizationId`	The UUID of your Atlassian organization. Sign in to `admin.atlassian.com` and copy the ID from the URL: `admin.atlassian.com/o/{orgId}`.
`directoryId`	The UUID of the user directory for your Confluence workspace. Retrieve it with the Atlassian Admin Workspace API (`GET /v2/orgs/{orgId}/workspaces`) using the `adminApiKey` as a bearer token. Use the `directoryId` from the workspace that corresponds to your Confluence site.

Step 3: Create the Secrets Manager secret

Store the credentials in an AWS Secrets Manager secret with the following key-value pairs.

Without document-level access control


{
    "username": "your-confluence-email",
    "password": "your-atlassian-api-token",
    "hostUrl": "https://your-instance.atlassian.net"
}

With document-level access control


{
    "username": "your-confluence-email",
    "password": "your-atlassian-api-token",
    "hostUrl": "https://your-instance.atlassian.net",
    "adminApiKey": "your-atlassian-admin-api-key",
    "organizationId": "your-org-uuid",
    "directoryId": "your-directory-uuid"
}

Create the secret with the AWS Command Line Interface:


aws secretsmanager create-secret \
  --name bedrock-confluence-basic-creds \
  --secret-string file://secret.json

Record the secret ARN from the response. You use it as the data source secretArn.

Next steps

After you store the secret, create the data source with authType set to BASIC. See Connect a Confluence data source. To filter query results by user permissions, see Document-level access controls.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Confluence

Set up OAuth 2.0 authentication