* docs: create partial
* docs: fix gitleak
* docs: DOC-1528 (#5084)
* docs: slack notification for release to production (gh-action) (#5083)
* docs: slack notif draft for release gh-action
* docs: amend slack notif description
* docs: add slack notification for all jobs in release
* docs: try ubuntu as runs-on
* docs: set runs-on tags back
* docs: fix URL formatting for slack notif
* docs: remove test failure step
* docs: add current step failure logic
* docs: fix indentation
* docs: add some step failures
* docs: remove force failure
* Apply suggestions from code review

Co-authored-by: Karl Cardenas <[email protected]>

---------

Co-authored-by: Karl Cardenas <[email protected]>

* docs: add backlinks
* docs: copy edits
* docs: copy edit
* Apply suggestions from code review

Co-authored-by: Adelina Simion <[email protected]>

* ci: auto-formatting prettier issues
* docs: DOC-1518: Getting Started cleanup (#5042)
* Initial Getting Started cleanup
* Updates to Deploy Cluster Profile page
* Minor parallel fix and package.json output update for deploy custom add-on pack tutorial
* Updates to scale cluster section
* Copying certain AWS changes over to other provider tutorials
* Updated filter image for Azure clusters
* ci: auto-formatting prettier issues
* Optimised images with calibre/image-actions
* Fixed ableism with see
* ci: auto-formatting prettier issues

---------

Co-authored-by: achuribooks <[email protected]>
Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>

* chore: upgrade docusaurus-theme-openapi-docs plugin (#5111)
* chore: upgrade docusaurus-theme-openapi-docs plugin
* docs: trigger visual tests
* docs: DOC-1529: Add PCP-3592 to release notes (#5103)
* Add PCP-3592 to release notes
* Minor correction

---------

Co-authored-by: Karl Cardenas <[email protected]>
Co-authored-by: Ben Radstone <[email protected]>
Co-authored-by: Adelina Simion <[email protected]>
Co-authored-by: lennessyy <[email protected]>
Co-authored-by: Amanda Churi Filanowski <[email protected]>
Co-authored-by: achuribooks <[email protected]>
Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>
Co-authored-by: caroldelwing <[email protected]>

(cherry picked from commit 3ddd13a)

Co-authored-by: Lenny Chen <[email protected]>
1 parent 2628bb6, commit 6218d41. Showing 5 changed files with 154 additions and 24 deletions.
@@ -0,0 +1,96 @@ | ||
--- | ||
partial_category: self-hosted | ||
partial_name: sts-config | ||
--- | ||
|
||
{props.edition} allows tenants to use AWS Secret Token Service (STS) to add AWS cloud accounts to their {props.edition} environment. | ||
In order to do this, {props.edition} relies on another AWS cloud account that is configured on the {props.edition} instance | ||
to assume a custom role created on the tenant's AWS account. | ||
|
||
This custom role establishes a trust relationship between the tenant's AWS account and the AWS account bound to the {props.edition} instance. | ||
It allows the {props.edition}-bound AWS account to receive temporary credentials from the tenant's AWS account to deploy infrastructure in AWS using STS. For more information on how to add an AWS cloud account to a tenant using STS, refer to the <VersionedLink text="Add an AWS Account to Palette" url="/clusters/public-cloud/aws/add-aws-accounts/" /> guide. | ||
|
||
You must configure your {props.edition} instance with an STS AWS account before your tenants can add AWS cloud accounts | ||
to deploy clusters in AWS using STS. Without this configuration, the STS option will be greyed out when your tenants try to add an AWS account. | ||
|
||
## Prerequisites | ||
|
||
- Access to the {props.edition} system console. | ||
|
||
- The role of Root Administrator or Account Administrator. | ||
|
||
- An AWS IAM user that is allowed to assume cross-account IAM roles. | ||
|
||
## Enable Adding AWS Accounts Using STS | ||
|
||
1. Open a terminal session. | ||
|
||
2. Log in to the {props.edition} System API by using the `/v1/auth/syslogin` endpoint. | ||
Use the curl command below and replace the `example.com` placeholder URL with the URL of your {props.edition} instance. | ||
Ensure you replace the credentials below with your system console credentials. | ||
|
||
```shell | ||
TOKEN=$(curl --insecure --location 'https://example.com/v1/auth/syslogin' \ | ||
--header 'Content-Type: application/json' \ | ||
--data '{ | ||
"password": "**********", | ||
"username": "**********" | ||
}') | ||
``` | ||
|
||
3. Next, prepare a payload for the AWS account you want to configure. | ||
Use the following JSON payload as a template and replace the `accessKey`, `secretKey`, and `accountId` fields with the AWS access key, secret key, and account ID of your AWS account. | ||
|
||
```json | ||
CONFIG_JSON=$(cat <<EOF | ||
{ | ||
"accessKey": "**********", | ||
"secretKey": "**********", | ||
"accountId": "123456789" | ||
} | ||
EOF | ||
) | ||
``` | ||
|
||
This avoids exposing sensitive information in the command line. | ||
|
||
2. Issue the following command to invoke the {props.edition} API to configure the AWS account to your instance. | ||
|
||
<Tabs> | ||
|
||
<TabItem value="AWS"> | ||
|
||
```bash | ||
curl --request POST \ | ||
--url https://<palette-api-url>/v1/system/config/aws/account \ | ||
--header 'Authorization: $TOKEN' \ | ||
--data '$CONFIG_JSON' | ||
``` | ||
|
||
</TabItem> | ||
|
||
<TabItem value="AWS GOV"> | ||
|
||
```bash | ||
curl --request POST \ | ||
--url https://<palette-api-url>/v1/system/config/awsgov/sts/account \ | ||
--header 'Authorization: $TOKEN' \ | ||
--data '$CONFIG_JSON' | ||
``` | ||
|
||
</TabItem> | ||
|
||
</Tabs> | ||
|
||
|
||
## Validate | ||
|
||
Issue the following command to make an API call that confirms that the credentials were configured successfully. | ||
|
||
```bash | ||
curl --request POST \ | ||
--url https://<palette-api-url>/v1/system/config/aws/account \ | ||
--header 'Authorization: $TOKEN' | ||
``` | ||
|
||
If you receive a response that contains the payload you configured, the configuration was successful. |
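Review bot: the single-quoted `--header 'Authorization: $TOKEN'` and `--data '$CONFIG_JSON'` arguments in the AWS and AWS GOV curl commands (and the header in the Validate block) are never expanded by the shell, so the requests go out with the literal strings `$TOKEN` and `$CONFIG_JSON` as header value and body and the step cannot succeed as written; use double quotes, e.g. `--header "Authorization: $TOKEN"`. Related, in step 2 `TOKEN=$(curl ...)` assigns the entire `/v1/auth/syslogin` response body to `TOKEN`, so if that endpoint returns a JSON document rather than a bare token the header needs the token extracted first; please confirm the response shape and show the extraction. The `--insecure` flag turns off TLS certificate verification on the one request that carries the system-console credentials; drop it, or document pointing curl at the instance's CA with `--cacert`. The sentence "This avoids exposing sensitive information in the command line" does not hold as written: the access key and secret key still land in the interactive shell history through the heredoc and, once `$CONFIG_JSON` does expand, in the curl process arguments that other local users can read via `ps`; feeding the body from stdin (`--data @-`) or a file with restricted permissions would make the claim true. Smaller items: the steps are numbered 1, 2, 3, 2 (the last should be 4); the payload block is fenced as `json` but contains a shell assignment, so it should be `shell`; the `example.com` and `<palette-api-url>` placeholders should be one placeholder; the Validate request is a `POST` with no body, which reads like it should be a `GET`; and AWS STS is the Security Token Service, not "Secret Token Service".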
12 changes: 12 additions & 0 deletions
.../docs-content/enterprise-version/system-management/configure-aws-sts-account.md
@@ -0,0 +1,12 @@ | ||
--- | ||
sidebar_label: "Enable Adding AWS Accounts Using STS " | ||
title: "Enable Adding AWS Accounts Using STS " | ||
description: "This page teaches you how to allow tenants to add AWS accounts using STS." | ||
icon: "" | ||
hide_table_of_contents: false | ||
sidebar_position: 20 | ||
tags: ["palette", "management", "account", "credentials"] | ||
keywords: ["self-hosted", "palette"] | ||
--- | ||
|
||
<PartialsComponent category="self-hosted" name="sts-config" edition="Palette" /> |
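Review bot: both `sidebar_label` and `title` in the front matter carry a trailing space inside the quotes (`"Enable Adding AWS Accounts Using STS "`), which ends up in the rendered page title and sidebar entry and makes this label differ from the VerteX page that reuses the same partial; trim both. `icon: ""` is empty, so either set a value or drop the key if the theme treats it as optional.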
12 changes: 12 additions & 0 deletions
docs/docs-content/vertex/system-management/configure-aws-sts-account.md
@@ -0,0 +1,12 @@ | ||
--- | ||
sidebar_label: "Enable Adding AWS Accounts Using STS" | ||
title: "Enable Adding AWS Accounts Using STS " | ||
description: "This page teaches you how to allow tenants to add AWS accounts using STS." | ||
icon: "" | ||
hide_table_of_contents: false | ||
sidebar_position: 20 | ||
tags: ["palette", "management", "account", "credentials"] | ||
keywords: ["self-hosted", "vertex"] | ||
--- | ||
|
||
<PartialsComponent category="self-hosted" name="sts-config" edition="VerteX" /> |
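Review bot: `title` in the front matter still has a trailing space inside the quotes while `sidebar_label` on the line above does not; trim `title` so the two match and so this page's title is identical to the Palette counterpart. Otherwise the two wrapper pages differ only in `edition` and `keywords`, which is what the partial is for.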