You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 19, 2021. It is now read-only.
Right now the service will use the credentials (from wherever) and manage resources through these. If one wants to manage resources for multiple accounts, one needs to bring up multiple services, and provide them with suitable credentials.
Theoretically one can also see a world where the resource "somehow" specifies an account (possibly through a role reference), and the service would then use sts:AssumeRole (or ChainableTemporaryCredentials) for accessing this specific resource.
The upside here would be that one needs fewer service instances (which mostly do nothing) to manage a diverse set of resources. On the downside the issue is that it deviates considerably from the current "basically cloudformation as a operator" approach, and as such we would likely be hitting "interesting" problems.
The text was updated successfully, but these errors were encountered:
Quick idea: The account/role reference should be an annotation, not a field in the resource spec. This at least gives us a bit of flexibility with the API.
Given that one needs a role ARN for the credentials/sts:AssumeRole API we definitely should use that, and not try to specify an "account", "region", and "role name" separately.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Right now the service will use the credentials (from wherever) and manage resources through these. If one wants to manage resources for multiple accounts, one needs to bring up multiple services, and provide them with suitable credentials.
Theoretically one can also see a world where the resource "somehow" specifies an account (possibly through a role reference), and the service would then use sts:AssumeRole (or ChainableTemporaryCredentials) for accessing this specific resource.
The upside here would be that one needs fewer service instances (which mostly do nothing) to manage a diverse set of resources. On the downside the issue is that it deviates considerably from the current "basically cloudformation as a operator" approach, and as such we would likely be hitting "interesting" problems.
The text was updated successfully, but these errors were encountered: