En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Using AWS CLI in automation without MFA token

0

We have a requirements as below this we are doing manually and using MFA token but for production it is not a feasible solution. In the ROSA cluster, we will have a Kubernetes Job that will perform these tasks:

  1. download the AWS CLI v2
  2. invoke some AWS CLI operations on MSK, S3, KDA (Kinesis Data Application) and maybe OpenSearch. Can you please help how we can achieve this.
Sujets
AnalytiqueGestion et gouvernanceDevOpsInternet des objets (IoT)
Balises
AnalytiqueInterface à ligne de commande AWSDevOpsAmazon Kinesis
Langue
English
AWS-User-2896749
demandé il y a 2 ans394 vues
1 réponse
0
Réponse acceptée

Hi. It looks like RedHat is responsible for most of the IAM setup for the ROSA cluster itself: https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html-single/setting_up_accounts_and_clusters/index#rosa-aws-prereqs_prerequisites. What I'm guessing is that the permissions should be tied to an AWS IAM Role either for the ec2 instance or for Kubernetes.

In this case, I would reach out to your RedHat support team. With AWS IAM Roles, these can't have MFA configured and then you can explain to your security team that it isn't possible to have MFA for that AWS IAM Role that the cluster may use. However, you may want to check RedHat's access with your security team to see if there is a requirement to have MFA on vendor access to your AWS Account.

jsonc
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents