Overview


To connect DDOE with your AWS environment, several integration methods are available, each offering a different balance of security, control, and ease of setup. The three most common types are Cross-Account, STS (Security Token Service), and Access Key integrations. Choosing the right method depends on your use case, security requirements, and operational preferences. Below is a breakdown of each integration type to help guide your implementation.

Who can create?

Only users with the Organization Admin or Owner roles are authorized to create integrations.


Cross-Account Integration

Security Level: ⭐⭐⭐⭐⭐ (High)

Cross-Account integration allows DDOE to assume a role in your AWS account via AWS Identity and Access Management (IAM), without sharing long-term credentials. You configure a trust relationship that grants limited, controlled access to specific resources. We recommend selecting Cross-Account as the integration type. It is AWS’s most secure option and provides enhanced protection for your data.

Setup Includes:

  • An IAM Role in your AWS account.

  • A Trust Policy allowing the DDOE AWS account to assume that role.

  • Use of an IAM Role ARN only — no need to share secrets.

Best For:

  • Enterprise environments

  • Fine-grained access control

  • Auditable, temporary credentials
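The trust policy is the artifact that decides who can assume the integration role, so it is worth generating and checking it rather than pasting it by hand. The following is an added example (not DDOE's own code or a policy published by DDOE): it builds a trust policy for the Cross-Account setup described above and lints both it and the role's permissions policy for the mistakes that undo the "limited, controlled access" the page promises. The DDOE account ID and the `sts:ExternalId` value are placeholders; the ExternalId condition is an assumption added here as the standard guard against the confused-deputy problem in third-party cross-account roles, and you should use whatever value DDOE supplies during setup.

```python
import re
from typing import List

# Constructed placeholders: replace with the real DDOE account ID and the
# ExternalId value DDOE gives you (neither appears on this page).
DDOE_ACCOUNT_ID = "111111111111"
EXTERNAL_ID = "ddoe-external-id-placeholder"

_ACCOUNT_RE = re.compile(r"^arn:aws:iam::(\d{12}):")


def _as_list(value) -> list:
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def build_trust_policy(ddoe_account_id: str, external_id: str) -> dict:
    """Trust policy that lets only the DDOE account assume the role, and only
    when it presents the agreed ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ddoe_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def check_trust_policy(policy: dict, expected_account_id: str) -> List[str]:
    """Return a list of findings for an existing trust policy; empty means it
    trusts only the expected account, requires an ExternalId, and grants
    nothing broader than sts:AssumeRole."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action"))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"statement {i}: wildcard principal lets any AWS account assume the role")
            continue
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        for p in aws_principals:
            m = _ACCOUNT_RE.match(p)
            if not m or m.group(1) != expected_account_id:
                findings.append(f"statement {i}: principal {p} is not the expected DDOE account")
        ext = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext:
            findings.append(f"statement {i}: no sts:ExternalId condition (confused-deputy risk)")
        if any(a in ("sts:*", "*") for a in actions):
            findings.append(f"statement {i}: action is broader than sts:AssumeRole")
    return findings


def check_permissions_policy(policy: dict) -> List[str]:
    """Flag Allow statements in the role's permissions policy that use
    wildcard actions or resources; the page asks for access to specific
    resources, and these are the usual way that intent is lost."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        if "*" in _as_list(st.get("Action")):
            findings.append(f"statement {i}: Action '*' grants every API call")
        if "*" in _as_list(st.get("Resource")):
            findings.append(f"statement {i}: Resource '*' is not scoped to specific resources")
    return findings
```

Run `check_trust_policy` against the trust policy attached to the role DDOE assumes, and `check_permissions_policy` against each policy attached to that role, before handing the Role ARN over; an empty list from both is the state the Cross-Account option is meant to give you.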


STS Integration

Security Level: ⭐⭐⭐☆☆ (Moderate)

AWS STS (Security Token Service) provides temporary credentials: a trusted client (DDOE) assumes a role through API calls instead of holding long-term access to your resources directly. This setup usually involves:

  • Supplying an Access Key, Secret Key, and Role ARN to DDOE.

  • DDOE using those credentials to call AWS STS (AssumeRole), which returns short-lived tokens.

Setup Includes:

  • IAM User credentials (Access Key + Secret)

  • Target IAM Role with necessary permissions

  • Role ARN to be assumed using AssumeRole

Best For:

  • Use cases requiring temporary, scoped access

  • Intermediate security setups

  • Scenarios where Cross-Account isn't feasible
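The AssumeRole call at the centre of the STS integration is short, but two details matter for a defender: the session must be bounded in time, and the caller must treat the returned credentials as expiring. The block below is an added example, not DDOE's own implementation, of that exchange. It takes any object with boto3's `assume_role` method, so a real `boto3.client("sts")` created from the IAM user's access key works; the `FakeSts` class is a constructed stand-in that returns STS's response shape so the example runs offline. The role ARN, session name and ExternalId values are placeholders.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional


def assume_role_session(sts_client, role_arn: str, session_name: str,
                        external_id: Optional[str] = None,
                        duration_seconds: int = 3600) -> dict:
    """Call AssumeRole and return just the temporary credential material.

    sts_client needs an assume_role(**params) method with boto3's parameter
    names (RoleArn, RoleSessionName, DurationSeconds, ExternalId)."""
    # STS accepts 900..43200 seconds; the role's own maximum session duration
    # (default one hour) caps it further on the server side.
    if not 900 <= duration_seconds <= 43200:
        raise ValueError("DurationSeconds must be between 900 and 43200")
    params = {"RoleArn": role_arn, "RoleSessionName": session_name,
              "DurationSeconds": duration_seconds}
    if external_id:
        params["ExternalId"] = external_id
    resp = sts_client.assume_role(**params)
    creds = resp["Credentials"]
    return {
        "access_key_id": creds["AccessKeyId"],
        "secret_access_key": creds["SecretAccessKey"],
        "session_token": creds["SessionToken"],
        "expiration": creds["Expiration"],
        "assumed_role_arn": resp["AssumedRoleUser"]["Arn"],
    }


def needs_refresh(session: dict, now: datetime,
                  margin: timedelta = timedelta(minutes=5)) -> bool:
    """True once the session is within `margin` of expiring, so callers
    re-assume the role rather than fail mid-request."""
    return now + margin >= session["expiration"]


class FakeSts:
    """Constructed stand-in for boto3's STS client (offline demo only).
    Records each call and answers with the fields STS actually returns."""

    def __init__(self, now: datetime):
        self.now = now
        self.calls = []

    def assume_role(self, **params):
        self.calls.append(params)
        account = params["RoleArn"].split(":")[4]
        role_name = params["RoleArn"].split("/")[-1]
        session_name = params["RoleSessionName"]
        return {
            "Credentials": {
                # Temporary keys start with ASIA; this value is made up.
                "AccessKeyId": "ASIAEXAMPLEFAKE00001",
                "SecretAccessKey": "fake-secret-access-key",
                "SessionToken": "fake-session-token",
                "Expiration": self.now + timedelta(seconds=params["DurationSeconds"]),
            },
            "AssumedRoleUser": {
                "AssumedRoleId": "AROAEXAMPLEFAKE:" + session_name,
                "Arn": f"arn:aws:sts::{account}:assumed-role/{role_name}/{session_name}",
            },
        }


def demo():
    """Assume a placeholder role through the fake client and return the
    client, the session, and the clock value used."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    sts = FakeSts(now)
    session = assume_role_session(
        sts,
        "arn:aws:iam::111111111111:role/DDOEIntegrationRole",  # placeholder
        "ddoe-integration",
        external_id="ddoe-external-id-placeholder",
        duration_seconds=3600,
    )
    return sts, session, now


if __name__ == "__main__":
    _, session, now = demo()
    print(session["assumed_role_arn"], "expires", session["expiration"])
```

Because the IAM user's Access Key and Secret Key are what obtain these sessions, the user should be allowed nothing except `sts:AssumeRole` on the target role; the short-lived tokens are only as scoped as the role they come from.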


Access Key Integration

Security Level: ⭐☆☆☆☆ (Low)

The simplest form of integration — where long-term AWS credentials (Access Key ID and Secret Access Key) are provided directly to DDOE. While easy to set up, it presents higher risk if credentials are mishandled.

Setup Includes:

  • IAM User with necessary permissions

  • Access Key ID

  • Secret Access Key

Considerations:

  • Credentials are long-lived unless rotated manually.

  • Higher risk of unauthorized access if leaked.

  • Best used in non-production or isolated environments.

Best For:

  • Quick testing or prototyping

  • Limited-scope or temporary environments.