Open RachalCassity opened 10 months ago
Per @RachalCassity this work may no longer be required; keep in the backlog. Currently we are all using the same AWS "SecretStore" role, and it is unknown if we are going to proceed with this ticket.
Closing, Rachal doesn't think we will need this. We can always re-create if we need to.
This ticket should happen after the EKS work is completed
In the new EKS clusters, each application will its own SecretStore. The application's service account will need to have AssumeRoleWithWebIdentity and SSM IAM policies attached to the service account so the Secret Store can communicate with the AWS Parameter Store.
Tasks