cmattoon / aws-ssm

Populates Kubernetes Secrets from AWS Parameter Store
https://hub.docker.com/r/cmattoon/aws-ssm/
Apache License 2.0
166 stars 32 forks

Switch to go.mod and update the aws-sdk #43

Closed edify42 closed 3 years ago

edify42 commented 4 years ago

Hey @cmattoon -

The current version of the code uses an outdated aws-sdk which doesn't support the AssumeRoleWithWebIdentity IAM call. The architecture also depends on the node running the container having access to the secrets.

I'm using your container on EKS with the OIDC identity stuff enabled, which allows pods to assume roles in AWS, thus I can limit the permissions I need to set on a node.

I updated that with some other packages as well as the dependency system you were using beforehand 😊

I think I'm also using a newer version of golang, but that's not as important.

I'll write up the PR for this shortly.
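An added illustration of the per-pod permission model described above; this is not from the original issue or the project's own manifests. It binds the aws-ssm pod to a dedicated IAM role through the IRSA service-account annotation so the node's instance role needs no access to Parameter Store. The account id, region, OIDC provider id, role name and namespace are placeholders.

```yaml
# Added example (not the project's manifest): run aws-ssm under a
# service account bound to a least-privilege IAM role via IRSA.
# Placeholders: <ACCOUNT_ID>, <REGION>, <OIDC_ID>; role/namespace names are assumed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aws-ssm
  namespace: kube-system
  annotations:
    # The EKS pod identity webhook reads this annotation and injects
    # AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE into the pod; an SDK
    # version that supports AssumeRoleWithWebIdentity picks them up
    # from the default credential chain, so the node role is not used.
    eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/aws-ssm-reader
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aws-ssm
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aws-ssm
  template:
    metadata:
      labels:
        app: aws-ssm
    spec:
      serviceAccountName: aws-ssm   # not "default": only this pod gets the role
      containers:
        - name: aws-ssm
          image: cmattoon/aws-ssm
# The role's trust policy must let only this service account assume it,
# keyed on the cluster's OIDC provider (JSON fragment, shown as a comment):
#   "Principal": {"Federated": "arn:aws:iam::<ACCOUNT_ID>:oidc-provider/oidc.eks.<REGION>.amazonaws.com/id/<OIDC_ID>"},
#   "Action": "sts:AssumeRoleWithWebIdentity",
#   "Condition": {"StringEquals": {
#     "oidc.eks.<REGION>.amazonaws.com/id/<OIDC_ID>:sub": "system:serviceaccount:kube-system:aws-ssm"}}
# Its permissions policy should grant just the ssm:GetParameter* read
# actions (plus kms:Decrypt for SecureString values) on the parameter
# paths this controller reads, and nothing on the node's instance role.
```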

edify42 commented 4 years ago

FYI, this is a good article explaining the new permission model: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/

edify42 commented 4 years ago

Hey @cmattoon, monthly bump - any thoughts on the above? I think the last time I checked the CI, the Docker config needed an update for the secret.