[FOLIO-2077] Create AWS role for cluster deployment
Created: 05/Jun/19 | Updated: 03/Jun/20 | Resolved: 02/Jul/19
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P2 |
| Reporter: | Wayne Schneider | Assignee: | John Malconian |
| Resolution: | Done | Votes: | 0 |
| Labels: | platform-backlog |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: |
| Sprint: | CP: sprint 66, CP: sprint 67 |
| Story Points: | 2 |
| Development Team: | Core: Platform |
| Description |
Deploying a cluster on AWS requires a specific set of permissions, both if deploying under EKS and if deploying using Rancher for node orchestration. A role should be set up in FOLIO's AWS account so we can delegate the setup, and it should be documented in folio-install.
| Comments |
| Comment by John Malconian [ 02/Jul/19 ] |
A dedicated IAM user has been added with the appropriate permissions to create clusters via Rancher. Official Rancher documentation is very vague and unspecific about what permissions are needed, so it's very trial and error. The user definitely needs the EKS admin permissions, which are available as an AWS managed policy, and some subset of EC2 write permissions, although, for the sake of expediency, I've probably granted more permissions than actually necessary. In addition to the user permissions, there is a dedicated Service Role called 'eksServiceRole' that can be specified for every cluster configuration, as well as a worker node role that is automatically created.