polkadot-deployer

Add configuration options for admin access in AWS EKS clusters

Open fgimenez opened this issue 6 years ago • 0 comments

We should add a configuration option in which we could define an array of admin users' ARNs:

"awsAdminUserARNs": [
  "arn:aws:iam::555555555555:user/admin",
  "arn:aws:iam::111122223333:user/ops-user",
  ...
] 

Then modify this template https://github.com/w3f/polkadot-deployer/blob/master/terraform/aws/outputs.tf#L2-L14 to include them under a mapUsers entry. At the end the configmap should look like:

apiVersion: v1
data:
  mapRoles: |
    - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
  mapUsers: |
    - userarn: arn:aws:iam::555555555555:user/admin
      username: admin
      groups:
        - system:masters
    - userarn: arn:aws:iam::111122223333:user/ops-user
      username: ops-user
      groups:
        - system:masters
  ...

Details here: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

fgimenez, Oct 25 '19 15:10
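
One way the requested option could be rendered into the `mapUsers` block, as an added example that is not part of the issue or of polkadot-deployer's code. `renderMapUsers` is a hypothetical helper; it assumes only path-less IAM user ARNs in the `aws` partition are accepted, and it double-quotes the scalars, which parse to the same values as the unquoted form shown in the issue.

```javascript
// Added example, not polkadot-deployer code. renderMapUsers is a hypothetical helper.
'use strict';

// IAM user ARN without a path. The user-name class is the set IAM allows,
// so no whitespace, quote, colon or newline can reach the YAML output.
// Role ARNs, account root and ARNs with a path are rejected (assumption:
// only plain IAM users belong in awsAdminUserARNs).
const IAM_USER_ARN = /^arn:aws:iam::(\d{12}):user\/([\w+=,.@-]{1,64})$/;

function renderMapUsers(arns) {
  if (!Array.isArray(arns)) {
    throw new TypeError('awsAdminUserARNs must be an array');
  }
  const byName = new Map(); // Kubernetes username -> ARN that claimed it
  const entries = [];
  for (const arn of arns) {
    const m = typeof arn === 'string' ? IAM_USER_ARN.exec(arn) : null;
    if (!m) {
      throw new Error(`not an IAM user ARN: ${JSON.stringify(arn)}`);
    }
    const username = m[2];
    const owner = byName.get(username);
    if (owner === arn) continue; // exact duplicate: emit once
    if (owner !== undefined) {
      // Same user name in two accounts would share one identity in audit logs.
      throw new Error(`username "${username}" maps to both ${owner} and ${arn}`);
    }
    byName.set(username, arn);
    // JSON strings are valid YAML double-quoted scalars, so names such as
    // "true" or "@ops" stay strings instead of being reinterpreted.
    entries.push(
      `    - userarn: ${JSON.stringify(arn)}\n` +
      `      username: ${JSON.stringify(username)}\n` +
      '      groups:\n' +
      '        - system:masters\n'
    );
  }
  return '  mapUsers: |\n' + entries.join('');
}

// Constructed sample input, using the two ARNs shown in the issue.
const sample = [
  'arn:aws:iam::555555555555:user/admin',
  'arn:aws:iam::111122223333:user/ops-user',
];
console.log(renderMapUsers(sample));
```

Every listed ARN ends up in `system:masters`, so a malformed or unexpected entry fails the render instead of being written into the configmap.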