[FOLIO-2077] Create AWS role for cluster deployment Created: 05/Jun/19  Updated: 03/Jun/20  Resolved: 02/Jul/19

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task
Priority: P2
Reporter: Wayne Schneider
Assignee: John Malconian
Resolution: Done
Votes: 0
Labels: platform-backlog
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-2053 add AWS K8s deployment configuration ... Closed
Sprint: CP: sprint 66, CP: sprint 67
Story Points: 2
Development Team: Core: Platform

 Description   

Deploying a cluster on AWS requires a specific set of permissions, both if deploying under EKS and if deploying using Rancher for node orchestration. A role should be set up in FOLIO's AWS account so we can delegate the setup, and it should be documented in folio-install.



 Comments   
Comment by John Malconian [ 02/Jul/19 ]

A dedicated IAM user has been added with the appropriate permissions to create clusters via Rancher. Official Rancher documentation is very vague and unspecific about what permissions are needed, so it's very trial and error. The user definitely needs the EKS admin permissions, which are available as an AWS managed policy, and some subset of EC2 write permissions, although for the sake of expediency, I've probably granted more permissions than actually necessary.

In addition to the user permissions, there is a dedicated Service Role called 'eksServiceRole' that can be specified for every cluster configuration as well as a worker node role that is automatically created.

Generated at Thu Feb 08 23:18:02 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.