mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-24 15:09:39 -05:00
add brief instructions to AWS IAM Terraform script (#478)
* add brief instructions to AWS IAM Terraform script * Update README.md
parent
34435e4396
commit
d3150a80ac
@ -1,6 +1,31 @@
|
||||
# IAM
|
||||
# IAM instance profiles for AWS
|
||||
|
||||
## iamlive
|
||||
This terraform script creates the necessary profiles that need to be attached to Constellation nodes.
|
||||
|
||||
You can create the profiles with the following commands:
|
||||
|
||||
```sh
|
||||
mkdir constellation_aws_iam
|
||||
cd constellation_aws_iam
|
||||
curl --remote-name-all https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/terraform/aws/iam/{main,output,variables}.tf
|
||||
terraform init
|
||||
terraform apply -auto-approve -var name_prefix=my_constellation
|
||||
```
|
||||
|
||||
You can either get the profile names from the Terraform output values `control_plane_instance_profile` and `worker_nodes_instance_profile` and manually add them to your Constellation configuration file.
|
||||
|
||||
Or you can do this with a `yq` command:
|
||||
|
||||
```sh
|
||||
yq -i "
|
||||
.provider.aws.iamProfileControlPlane = $(terraform output control_plane_instance_profile) |
|
||||
.provider.aws.iamProfileWorkerNodes = $(terraform output worker_nodes_instance_profile)
|
||||
" path/to/constellation-conf.yaml
|
||||
```
|
||||
|
||||
## Development
|
||||
|
||||
### iamlive
|
||||
|
||||
[iamlive](https://github.com/iann0036/iamlive) dynamically determines the minimal
|
||||
permissions to call a set of AWS API calls.
|
||||
|
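Review bot: The first `sh` block downloads the `.tf` files from the `main` branch and then runs `terraform apply -auto-approve`, so whatever is on `main` at that moment creates IAM resources in the reader's account with no plan review. Consider pinning the URL to a release tag or commit and replacing `-auto-approve` with a `terraform plan` step (or a plain `terraform apply` that prompts), since these profiles are attached to the Constellation nodes. In the `yq` block, the expression only parses if `terraform output` prints each value wrapped in double quotes; stating that assumption, or using `terraform output -raw` with explicit quoting, would make the command less fragile. The sentence starting "You can either get the profile names" has no matching "or" clause; dropping "either" or merging it with the following sentence would read better.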