Skip to main content


AWS (Amazon Web Services) is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.

Creating an AWS connection

Method 1: AWS Access Key

To create an access key and secret access key, follow these instructions.

Method 2: AWS Assume Role

  1. In the Blink platform, create a new Assume Role connection and select AWS Assume Role for connection method.


  1. In your AWS account, create a new AWS role.

  2. Set up your trusted identity to allow Blink AWS account permission to assume your role, using Blink's account ID: 508219855436. Select the Require external ID checkbox. Fill in the external ID provided in the connection creation in step 1.

Configuration in AWS screenshot


  1. In the Blink platform, add the permissions required for your AWS actions.

  2. Create the connection by completing the My Connection form, filling in the created Role's ARN.



When using an on-perm runner instead of Blink's Blink Cloud runner, the trust relationship targets the installed runner's account and identity.

Advanced connection options

Method 3: AWS Assume Role + Key


This authentication method should be used when:

  1. You prefer to connect Blink to your account using an access key (similar to method #1).
  2. Unlike method #1, the permissions you want to grant in Blink are not assigned directly to the access key's identity, but instead to an AWS role.

To use this option, first follow the steps in method #1 to create an access key. Then, proceed with the steps in method #2 to create a role and associate it with the access key's identity.

Method 4: Connection by Runner's Identity


You can perform authenticated AWS actions by assigning a role to a self-hosted Blink Runner.

To configure this authentication method, follow these steps:

  1. If you haven't already, install a self-hosted Blink runner within your AWS environment.
  2. Assign an AWS role to your runner, using one of these methods:
  1. In a Blink automation, use AWS steps without specifying a particular connection (leave the connection dropdown unselected) to leverage identity-based authentication.

This method is only available for self-hosted runner installations, and not for the Blink cloud runner.

Security Best Practices

Please note:
  • We advise you to periodically rotate your AWS Access Keys if you are choosing it as a method to establish a connection.

  • We recommend scoping the associated IAM Policies tightly and grant access only to required actions and resources.