View a markdown version of this page

Connect a Confluence data source - Amazon Bedrock
Create the data sourceConnector parametersChange the authentication methodNext steps

Connect a Confluence data source

After you set up authentication and store your credentials in an AWS Secrets Manager secret, create the Confluence data source in your knowledge base. This page describes how to create the data source with the AWS Management Console or the API, followed by a reference for the connector parameters you can configure.

Note

Complete authentication setup first. See Set up Basic authentication for Confluence or Set up OAuth 2.0 authentication for Confluence. You need the secret ARN and the Confluence host URL.

Create the data source

Console
To connect Confluence to your managed knowledge base

  1. Under Data source, provide a name for your data source.

  2. Select Confluence from the data source dropdown.

  3. Under Source, enter your Confluence URL (for example, https://example.atlassian.net).

  4. Under Authentication, select Basic authentication or OAuth 2.0 authentication.

  5. Select or create an AWS Secrets Manager secret to store your credentials.

  6. (Optional, Basic auth only) To enable document-level access control, select Control document access with ACLs. The secret you select must include adminApiKey, organizationId, and directoryId. This option cannot be changed after creation. For details, see Document-level access controls.

  7. (Optional) Expand Sync scope to choose which entity types to crawl (pages, blogs, page attachments, blog attachments, archived spaces, archived pages, personal spaces).

  8. (Optional) Expand Entity URLs to use URL-based filtering to sync specific Confluence spaces, pages, and blogs.

  9. (Optional) Expand Mime types regex pattern to include or exclude specific MIME types.

API

To create a Confluence data source, send a CreateDataSource request with an Agents for Amazon Bedrock build-time endpoint. The following AWS Command Line Interface example creates a data source that uses Basic authentication. To use OAuth 2.0 instead, change authType to OAUTH2. To enable document-level access control, set aclEnabled to true. For a description of each field, see the connector parameters reference that follows.

aws bedrock-agent create-data-source \
 --name "Confluence-connector" \
 --knowledge-base-id "your-knowledge-base-id" \
 --data-source-configuration file://confluence-managed-connector.json

The confluence-managed-connector.json file contains the following:

{
    "type": "MANAGED_KNOWLEDGE_BASE_CONNECTOR",
    "managedKnowledgeBaseConnectorConfiguration": {
        "connectorParameters": {
            "type": "CONFLUENCE",
            "version": "1",
            "aclEnabled": false,
            "connectionConfiguration": {
                "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:bedrock-confluence-basic-creds",
                "type": "SAAS",
                "authType": "BASIC",
                "hostUrl": "https://example.atlassian.net"
            },
            "dataEntityConfiguration": {
                "crawlPage": true,
                "crawlBlog": true,
                "crawlPageAttachment": true,
                "crawlBlogAttachment": true
            },
            "filterConfiguration": {
                "inclusionSpaceKeys": ["ENG", "DOCS"]
            }
        }
    }
}

For managed knowledge bases, CreateDataSource is asynchronous: the data source status transitions from CREATING to AVAILABLE when the operation completes.

Connector parameters

The data source configuration uses the following connector parameters. To connect to Confluence, specify CONFLUENCE as the connector type in connectorParameters. For the fields that wrap connectorParameters (such as deletionProtectionConfiguration and mediaExtractionConfiguration), see Connect a data source.

Set aclEnabled explicitly

If you omit aclEnabled, the default depends on authType: BASIC defaults to true, and OAUTH2 defaults to false. Because ACL configuration is permanent after the data source is created, set aclEnabled explicitly so the data source has the access-control behavior you intend. For details, see Document-level access controls.

connectionConfiguration
Field Required Description
secretArn Yes The ARN of the AWS Secrets Manager secret containing your Confluence credentials.
type Yes The Confluence deployment type. Set to SAAS. Confluence Server and Data Center are not supported.
authType Yes The authentication type. Set to BASIC or OAUTH2. See Authentication methods.
hostUrl Yes The base URL of your Confluence Cloud instance (for example, https://example.atlassian.net).
dataEntityConfiguration (optional)
Field Required Description
crawlPage No Whether to crawl pages.
crawlBlog No Whether to crawl blog posts.
crawlPageAttachment No Whether to crawl page attachments. Crawled only when crawlPage is also true.
crawlBlogAttachment No Whether to crawl blog post attachments. Crawled only when crawlBlog is also true.
crawlArchivedSpace No Whether to crawl archived spaces.
crawlArchivedPage No Whether to crawl archived pages.
crawlPersonalSpace No Whether to crawl personal spaces.
filterConfiguration (optional)
Field Required Description
inclusionSpaceKeys No Space keys to include.
inclusionSpaceUrls No Space URLs to include.
inclusionMimeTypes No MIME types to include.
exclusionMimeTypes No MIME types to exclude.
maxFileSizeInMegaBytes No Maximum size, in megabytes, of any single file the connector ingests. Provide as a numeric string (for example, "500"). Defaults to "500".
aclEnabled (optional)
Field Required Description
aclEnabled No Whether document-level access control is enabled. Set to true to enable, or false to disable. If you omit this field, the default depends on authType: BASIC defaults to true; OAUTH2 defaults to false. ACL on BASIC requires a secret that includes Atlassian organization admin credentials. You cannot change this setting after you create the data source. For details, see Document-level access controls.

Change the authentication method

You can change a data source's authentication method (for example, from OAuth 2.0 to Basic) by updating the data source with the new authType and a secret that contains the matching credentials, using the UpdateDataSource operation or the AWS Management Console. The document-level access control setting is fixed when you create a data source, so to add or remove ACLs you must create a new data source.

Next steps

After you create the data source, sync it to ingest content into your knowledge base. For details, see Sync a data source. To filter query results by user permissions, see Document-level access controls.