René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Create an easy way to set up new roles and serviceaccounts for user applications","articleBody":"Right now when someone wants to create a new application and give it access to something in AWS we give them instructions on how to do it using \"IRSA\", the new mechanism for granting access to pods, but there's still quite a bit of manual work and confusion. I think we could simplify it by writing some terraform that would allow them to supply a list of service account names and corresponding AWS IAM policies, and we can create all the required resources. We can either just leave the list blank to start or maybe we could use it to create some of the service accounts we need for stuff we set up like `external-dns`.\n\nI imagine this could look like another file in `infrastructure/terraform/environments/\u003cenv\u003e/` maybe `application_iam_policy` where they can specify policy blocks like:\n```hcl\ndata \"aws_iam_policy_document\" \"my_application\" {\n  statement {\n    actions = [\n      \"whatever\",\n    ]\n\n    resources = [\"*\"]\n  }\n}\n```\n\nAnd then in `infrastructure/terraform/environments/\u003cenv\u003e/main.tf` in the vars we pass to `environment` we add a map of serviceaccount to policy like:\n\n```hcl\n  application_iam_policies = {\n    service_account = my_application\n    namespace       = app_namespace\n    policy          = aws_iam_policy_document.my_application\n  }\n```\n\nThen in the background we create the role for them. We can do something similar in `infrastructure/kubernetes` and accept a list of serviceaccounts and namespaces and create the service accounts for them.","author":{"url":"https://github.com/bmonkman","@type":"Person","name":"bmonkman"},"datePublished":"2020-08-25T19:31:08.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/69/zero-aws-eks-stack/issues/69"}