quickstarts icon indicating copy to clipboard operation
quickstarts copied to clipboard

Published 20 hours ago verified publisher icon dapr

Support for IRSA for AWS Components Specs

Open elamaran11 opened this issue 4 months ago • 0 comments

Describe the feature

Team -

I currently see that component specs with AWS integrations dont have support IRSA (IAM Roles for Service Account), rather we are expected to plug in the secret and access keys as part of the deployment for example like below and this basically increases the blast radius and also exposes keys to operator of the EKS Cluster. Appreciate if you can provide support for IRSA with all AWS Components implementation.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: statestore
spec:
  type: state.aws.dynamodb
  version: v1
  metadata:
    - name: table
      value: "Orders"
    - name: accessKey
      secretKeyRef:
        name: statestore-secrets
        key: accessKey
    - name: secretKey
      secretKeyRef:
        name: statestore-secrets
        key: secretKey
    - name: region
      secretKeyRef:
        name: statestore-secrets
        key: region
    - name: partitionKey
      value: "orderId"

elamaran11 avatar Oct 18 '24 13:10 elamaran11