IAM controller - I want to have an option to get access / secret key
Hi!
I am creating the user in an automatic way:
```yaml
apiVersion: iam.services.k8s.aws/v1alpha1
kind: User
metadata:
  name: stackrox
spec:
  name: stackrox
  tags:
    - key: env
      value: uat
  policies: []
  inlinePolicies:
    stackrox-1: >
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "securityhub:BatchImportFindings",
            "Resource": "arn:aws:securityhub:eu-west-2::product/stackrox/kubernetes-security"
          }
        ]
      }
    stackrox-2: >
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "securityhub:GetFindings",
            "Resource": "arn:aws:securityhub:eu-west-2:474417630776:hub/default"
          }
        ]
      }
```
I have StackRox, which will be running under this user - it is a k8s security platform: https://www.stackrox.io. Unfortunately, it consumes only an Account ID + access key + secret key pair. So I want to have a programmatic way to manage the access keys and retrieve them from the User object.
Issues go stale after 180d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 60d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/aws-controllers-k8s/community.
/lifecycle stale
/remove-lifecycle stale
Might I add that I would not want the creds to be part of the User object, but in a separate Secret.