search

department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html
281 stars 201 forks source link

Attach "AssumeRoleWithWebIdentity" and SSM IAM policies to platform-atlas service account. #71316

Open RachalCassity opened 10 months ago

RachalCassity commented 10 months ago

In the new EKS clusters, each application will its own SecretStore. The application's service account will need to have AssumeRoleWithWebIdentity and SSM IAM policies attached to the service account so the Secret Store can communicate with the AWS Parameter Store.

Success Metrics

Tasks

jennb33 commented 4 months ago

@RachalCassity pulled this on 5/30/2024: role_arn: arn:aws-us-gov:iam::008577686731:user/service_account/svc-gha-platform-atlas #