Closed jgrumboe closed 3 years ago
In the table you state that AWS AppMesh doesn't support Authorization as a security feature and link to a still-open GH issue. But don't identity-based access rules count as "Authorization"? https://docs.aws.amazon.com/app-mesh/latest/userguide/security_iam_service-with-iam.html

Hi @jgrumboe! Good question. The authorization row in the table was meant to describe capabilities on a service-to-service level ("service A can talk to service B on path /api"). IAM in AWS definitely counts as Authorization, but on a user basis ("user A can create new App Mesh policies"). Most meshes do rely on Kubernetes RBAC for this kind of authorization feature. I think the information on IAM support is definitely valuable, so I will add this information with the link to the table. Thanks for opening this issue 👍

Hi @HPrinz, thanks for your response. You're right, probably I mixed up authorization to the service mesh with "service-to-service" authorization, so IAM isn't the right answer. (Disclaimer: I'm not using AWS AppMesh right now, just reading the docs.)

I found these docs and a walkthrough which would probably prove that service-to-service authorization is available within AWS AppMesh (although it's not directly integrated into K8s RBAC, I guess): https://docs.aws.amazon.com/app-mesh/latest/userguide/mutual-tls.html https://github.com/aws/aws-app-mesh-examples/tree/master/walkthroughs/howto-mutual-tls-file-provided

Best regards, Jo