We are in the process of automating Atom installations (in AWS) for our various business areas. Each unit will have their own subaccount within the platform. Our automated installations will be using Cloud Formation to deploy a Linux instance and run the installer. Also, we will be using single sign on for all of our accounts. We need to ensure the Atoms are installed in the appropriate subaccount. As the process must be automated, there can be no manual interventions in order to complete the install (though the Admin will be responsible for creating the Environment in Boomi, once the Atom is installed).
If using credentials;
- If we are using SSO, there is no password available to pass via the install4j script. Is userName sufficient without password? (i.e. is SSO invoked during the install)?
- The installer requires accountId. We would need to have hard-coded account ids within the automation script to ensure matching the requester to their relevant account.
- One thought is to have a subaccount that can install Atoms for all accounts (with SSO disabled), then use that account with its credentials in the installer and pass in the proper account based on the requester.
If using a Token;
- Is there a REST service available that will allow Token creation for New Atom creation? (assuming SSO would be invoked on a REST call).
- We discussed having the subaccount admin request the Token and add it as a Tag (parameter) to the AWS install. However, as the Token is only good for 24 hours, there is a risk that the automation process (requires external approvals) may not run in time.