Yields temporary credentials for an assumed role with the Atlassian user name and an optional IAM policy to further restrict the permissions granted by the role – Learn more.
Yields temporary credentials for a federated user with the Atlassian user name and an optional, but typically required IAM policy – Learn more.
If you do not pass a policy, the resulting credentials have no effective permissions, except when they are used with a resource that has a resource-based policy that specifically grants the federated user access.
Yields temporary credentials for the access key itself, with permissions matching those from the associated IAM user (recommended) or AWS root account (disadvised) – Learn more.
The principal type IAM User (session token) is rarely needed and does not allow to specify IAM policies or distinguish users – use Federated User instead.