StackState/Agent IAM role: EKS

StackState Self-hosted v5.1.x

PreviousStackState/Agent IAM role: EC2 NextPolicies for AWS

Last updated 1 year ago

StackState/Agent IAM role: EKS

StackState Self-hosted v5.1.x

Overview

If StackState or StackState Agent V3 are running within an AWS environment in an EKS cluster instance, an IAM role can be attached to the node-group where the pods stackstate-api or stackstate-cluster-agent are running.

stackstate-api pod - the attached role can be used for authentication by StackState running in these pods.
stackstate-cluster-agent pod - the attached role can be used for authentication by StackState Cluster Agent running in this pod.

Note: If the AWS Data Collection Account and the Monitor Account aren't a part of the same AWS organization, it isn't possible to authenticate using the attached IAM role in this way. For details see the AWS documentation on .

Set up IAM role for StackState/StackState Agent on EKS

To set up an IAM role for StackState or StackState Agent to use, follow the instructions below.

If you did not do so already, that allows the AssumeRole action for the resource arn:aws:iam::*:role/StackStateAwsIntegrationRole. Take note of the policy name.
Find the node-group that contains nodes running the relevant pod or pods and create a node group role:
- StackState on EKS: stackstate-api.
- StackState Agent on EKS: stackstate-cluster-agent.
Attach the policy from the first step to the node-group role from the previous step.
Configure the StackPack instance or Agent AWS check to .

StackState/Agent IAM role: EKS

StackState/Agent IAM role: EKS

Overview

Set up IAM role for StackState/StackState Agent on EKS

See also

Overview

Set up IAM role for StackState/StackState Agent on EKS

See also