Labels: enhancement (New feature or request)
Description
What problem are you facing?
Deploy the provider in Crossplane inside AWS EKS and use AWS IRSA for authentication. However, I did not find docs to help me do it.
How could Crossplane help solve your problem?
Provide documentation on how to authenticate with AWS IAM Role.
After trying various ways to authenticate using SASL/SCRAM with the AWS Secrets Manager user/password method, as indicated here, and not getting it to work, I started reading the source code and found this.
So, the working credentials file is (broker endpoints are generated by your AWS MSK cluster):
{
  "brokers": [
    "b-1.<cluster-name>.xxxxx.xx.kafka.<region>.amazonaws.com:9098",
    "b-2.<cluster-name>.xxxxx.xx.kafka.<region>.amazonaws.com:9098"
  ],
  "sasl": {
    "mechanism": "aws-msk-iam"
  },
  "tls": {
    "insecureSkipVerify": false
  }
}
And a least-privilege AWS IAM policy for using this Crossplane provider to manage topics:
{
  "Action": [
    "kafka-cluster:Connect",
    "kafka-cluster:CreateTopic",
    "kafka-cluster:DeleteTopic",
    "kafka-cluster:DescribeTopic",
    "kafka-cluster:DescribeTopicDynamicConfiguration",
    "kafka-cluster:AlterTopic",
    "kafka-cluster:AlterTopicDynamicConfiguration"
  ],
  "Effect": "Allow",
  "Resource": [
    "arn:aws:kafka:<aws-region>:<aws-account-id>:cluster/<cluster-name>/<cluster-id>",
    "arn:aws:kafka:<aws-region>:<aws-account-id>:topic/<cluster-name>/<cluster-id>/<topic-name>"
  ]
}
Should a doc exist for this?
JMoserCricut
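The two artifacts in the issue (the credentials JSON and the IAM statement) are easy to get subtly wrong: a SASL/SCRAM credentials file reused with the wrong port or mechanism, `insecureSkipVerify` flipped to true while debugging, or a policy widened to `kafka-cluster:*` on `Resource: "*"`. The linter below is an added example, not code from the issue author or from the provider; it checks both documents against the shapes shown in the issue before they go into the provider's Secret. Assumptions: the action list is taken verbatim from the issue's policy, the IAM listener ports (9098 in-VPC, 9198 for public access) are MSK's documented ports, and the account ID, cluster name and cluster UUID in the sample inputs are placeholders.

```python
"""Lint an MSK IAM credentials document and its IAM policy before wiring them
into the Crossplane Kafka provider.  Added example, not code from the issue or
the provider; sample inputs are constructed with placeholder account/cluster values."""
import re

# Actions the issue lists as sufficient for managing topics.
REQUIRED_TOPIC_ACTIONS = {"kafka-cluster:" + a for a in (
    "Connect", "CreateTopic", "DeleteTopic", "DescribeTopic",
    "DescribeTopicDynamicConfiguration", "AlterTopic", "AlterTopicDynamicConfiguration")}
IAM_PORTS = {"9098", "9198"}  # MSK IAM listener: 9098 in-VPC, 9198 public access
BROKER = re.compile(r"^(?P<host>[^:]+):(?P<port>\d+)$")
# ...:cluster/<name>/<uuid> or ...:topic/<name>/<uuid>/<topic>; name and UUID must be literal.
MSK_ARN = re.compile(
    r"^arn:aws:kafka:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):"
    r"(?P<kind>cluster|topic)/[^/*]+/[^/*]+(?:/[^/]+)?$"
)


def lint_credentials(doc: dict) -> list[str]:
    """Findings for the provider credentials JSON; an empty list means OK."""
    findings = []
    brokers = doc.get("brokers") or []
    if not brokers:
        findings.append("brokers: list is empty")
    for b in brokers:
        m = BROKER.match(b)
        if not m:
            findings.append(f"brokers: {b!r} is not host:port")
        elif not m["host"].endswith(".amazonaws.com"):
            findings.append(f"brokers: {b!r} is not an MSK endpoint")
        elif m["port"] not in IAM_PORTS:
            findings.append(f"brokers: {b!r} is not on an IAM listener port (9098/9198)")
    mechanism = (doc.get("sasl") or {}).get("mechanism")
    if mechanism != "aws-msk-iam":
        findings.append(f"sasl.mechanism: expected 'aws-msk-iam', got {mechanism!r}")
    if (doc.get("tls") or {}).get("insecureSkipVerify") is not False:
        findings.append("tls.insecureSkipVerify: must be present and false")
    return findings


def lint_topic_policy(policy: dict) -> list[str]:
    """Findings for an IAM policy that should grant only topic management."""
    findings, granted, kinds = [], set(), set()
    statements = policy.get("Statement", [])
    for i, st in enumerate([statements] if isinstance(statements, dict) else statements):
        where = f"Statement[{i}]"
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        for a in [actions] if isinstance(actions, str) else actions:
            if "*" in a:
                findings.append(f"{where}: wildcard action {a!r}")
            elif a not in REQUIRED_TOPIC_ACTIONS:
                findings.append(f"{where}: action {a!r} is not needed for topic management")
            else:
                granted.add(a)
        resources = st.get("Resource", [])
        for r in [resources] if isinstance(resources, str) else resources:
            m = MSK_ARN.match(r)
            if m:
                kinds.add(m["kind"])
            else:
                findings.append(f"{where}: resource {r!r} is not a specific MSK cluster/topic ARN")
    missing = REQUIRED_TOPIC_ACTIONS - granted
    if missing:
        findings.append("actions missing for topic management: " + ", ".join(sorted(missing)))
    # Connect is evaluated against the cluster ARN, the topic actions against topic ARNs.
    if "kafka-cluster:Connect" in granted and "cluster" not in kinds:
        findings.append("Resource: no cluster ARN, so kafka-cluster:Connect is denied")
    if granted - {"kafka-cluster:Connect"} and "topic" not in kinds:
        findings.append("Resource: no topic ARN, so the topic actions are denied")
    return findings


# Constructed inputs in the shapes shown in the issue (placeholder account, cluster, UUID).
CLUSTER_ARN = "arn:aws:kafka:eu-west-1:123456789012:cluster/democluster/0a1b2c3d-4e5f-6789-abcd-ef0123456789-1"
GOOD_CREDENTIALS = {
    "brokers": ["b-1.democluster.ab12cd.c3.kafka.eu-west-1.amazonaws.com:9098",
                "b-2.democluster.ab12cd.c3.kafka.eu-west-1.amazonaws.com:9098"],
    "sasl": {"mechanism": "aws-msk-iam"},
    "tls": {"insecureSkipVerify": False},
}
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": sorted(REQUIRED_TOPIC_ACTIONS),
    "Resource": [CLUSTER_ARN, CLUSTER_ARN.replace(":cluster/", ":topic/") + "/demo-topic"],
}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "kafka-cluster:*", "Resource": "*"}]}

if __name__ == "__main__":
    print("credentials:", lint_credentials(GOOD_CREDENTIALS) or "OK")
    print("policy:", lint_topic_policy(GOOD_POLICY) or "OK")
    print("over-broad policy:", lint_topic_policy(BAD_POLICY))
```

Run it directly to see the good inputs pass and the `kafka-cluster:*` / `Resource: "*"` statement flagged three ways (wildcard action, non-specific resource, and no topic action actually granted by name). The topic segment of a topic ARN is deliberately allowed to be a wildcard, since letting the provider manage every topic of one cluster can be the intended scope; the cluster name and UUID are not, because that is what keeps the role from reaching other clusters in the account.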