Closed gmaghera closed 1 year ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Bump
Currently there are two ways to configure the app, either with an IAM user (key and secret) or by supplying a role, perhaps in addition to the IAM user.
This practice is becoming outdated in favor of using an IAM role for service account (IRSA), at least with AWS EKS clusters. Would it be possible to leave the configuration of the identity to the underlying system? It should be less code. Following the IRSA setup steps, one could deploy a pod which has an IAM role as its identity and the Go SDK should just pick up on it.
The code around here would have to be changed a bit. https://github.com/camptocamp/terraboard/blob/056ca947f4cdff34d903108e59b4d089e7367f1e/state/aws.go#L45-L58
See https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
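A startup check for the IRSA setup the request above relies on, as an added example that is not part of the original issue or terraboard's code. It assumes the two environment variables EKS injects into an IRSA-enabled pod (`AWS_ROLE_ARN`, `AWS_WEB_IDENTITY_TOKEN_FILE`); `checkIRSA` is a hypothetical helper name.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
	"strings"
	"time"
)

// checkIRSA is a hypothetical helper, not terraboard code. It returns the role ARN and
// the service account subject found in the pod's token. The signature is not verified
// here (STS does that); getenv and readFile are injected so the check runs offline.
func checkIRSA(getenv func(string) string, readFile func(string) ([]byte, error), now time.Time) (string, string, error) {
	role, path := getenv("AWS_ROLE_ARN"), getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
	if role == "" || path == "" {
		return "", "", fmt.Errorf("AWS_ROLE_ARN or AWS_WEB_IDENTITY_TOKEN_FILE unset: no IRSA identity")
	}
	raw, err := readFile(path)
	if err != nil {
		return "", "", fmt.Errorf("token file unreadable: %w", err)
	}
	parts := strings.Split(strings.TrimSpace(string(raw)), ".")
	if len(parts) != 3 {
		return "", "", fmt.Errorf("token is not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", "", fmt.Errorf("bad payload encoding: %w", err)
	}
	var c struct {
		Sub string `json:"sub"`
		Exp int64  `json:"exp"`
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return "", "", fmt.Errorf("bad payload JSON: %w", err)
	}
	if !strings.HasPrefix(c.Sub, "system:serviceaccount:") {
		return "", "", fmt.Errorf("unexpected subject %q", c.Sub)
	}
	if now.Unix() >= c.Exp {
		return "", "", fmt.Errorf("token expired at %d", c.Exp)
	}
	return role, c.Sub, nil
}

func main() { fmt.Println(checkIRSA(os.Getenv, os.ReadFile, time.Now())) }
```

The subject it returns has the form `system:serviceaccount:<namespace>:<name>`, which is the value the IAM role's trust policy condition should be scoped to.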