StackState/Agent IAM role: EKS
StackState Self-hosted v5.1.x
Overview
If StackState or StackState Agent V3 are running within an AWS environment in an EKS cluster instance, an IAM role can be attached to the node-group where the pods stackstate-api
or stackstate-cluster-agent
are running.
stackstate-api
pod - the attached role can be used for authentication by StackState running in these pods.stackstate-cluster-agent
pod - the attached role can be used for authentication by StackState Cluster Agent running in this pod.
Set up IAM role for StackState/StackState Agent on EKS
To set up an IAM role for StackState or StackState Agent to use, follow the instructions below.
If you did not do so already, create a policy that allows the
AssumeRole
action for the resourcearn:aws:iam::*:role/StackStateAwsIntegrationRole
. Take note of the policy name.Find the node-group that contains nodes running the relevant pod or pods and create a node group role:
StackState on EKS:
stackstate-api
.StackState Agent on EKS:
stackstate-cluster-agent
.
Attach the policy from the first step to the node-group role from the previous step.
Policy for node group role Configure the StackPack instance or Agent AWS check to authenticate using the attached IAM role.
See also
Last updated