Using AWS CLI in automation without MFA token

0

We have the requirements below. We are currently doing this manually using an MFA token, but that is not a feasible solution for production. In the ROSA cluster, we will have a Kubernetes Job that will perform these tasks:

  1. download the AWS CLI v2
  2. invoke some AWS CLI operations on MSK, S3, KDA (Kinesis Data Application) and maybe OpenSearch.

Can you please help with how we can achieve this?

1 Answer
0
Accepted Answer

Hi. It looks like Red Hat is responsible for most of the IAM setup for the ROSA cluster itself: https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html-single/setting_up_accounts_and_clusters/index#rosa-aws-prereqs_prerequisites. What I'm guessing is that the permissions should be tied to an AWS IAM Role either for the EC2 instance or for Kubernetes.

In this case, I would reach out to your Red Hat support team. AWS IAM Roles can't have MFA configured, and you can then explain to your security team that it isn't possible to have MFA for the AWS IAM Role that the cluster may use. However, you may want to check Red Hat's access with your security team to see if there is a requirement to have MFA on vendor access to your AWS Account.

jsonc
answered 2 years ago
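
One way a Job can verify that it is running under an IAM role before it calls the AWS CLI, as an added example that is not part of the original answer. It assumes the cluster injects `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` into the pod (web identity federation for a service account), which the page does not confirm; `check_role_credentials`, `is_assumed_role_arn` and `run_job` are hypothetical names.

```shell
#!/bin/sh
# Added example: preflight for a Job that should use an IAM role, not user keys.
# Assumption: AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE are injected into the pod.

# Returns 0 if role-based credentials are usable, otherwise:
#   1 = static access keys are set (the CLI prefers them over web identity)
#   2 = role ARN or token file variable missing or malformed
#   3 = token file missing, unreadable or empty
check_role_credentials() {
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] || [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "static access keys present in environment; remove them" >&2
        return 1
    fi
    case "${AWS_ROLE_ARN:-}" in
        arn:aws*:iam::[0-9]*:role/?*) ;;
        *) echo "AWS_ROLE_ARN missing or not a role ARN" >&2; return 2 ;;
    esac
    if [ -z "${AWS_WEB_IDENTITY_TOKEN_FILE:-}" ]; then
        echo "AWS_WEB_IDENTITY_TOKEN_FILE not set" >&2
        return 2
    fi
    if [ ! -r "$AWS_WEB_IDENTITY_TOKEN_FILE" ] || [ ! -s "$AWS_WEB_IDENTITY_TOKEN_FILE" ]; then
        echo "token file missing, unreadable or empty" >&2
        return 3
    fi
    return 0
}

# Succeeds only for an assumed-role caller ARN (not an IAM user ARN).
# Takes the ARN as an argument so it can be checked without network access.
is_assumed_role_arn() {
    case "$1" in
        arn:aws*:sts::[0-9]*:assumed-role/?*/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Job entry point: refuse to continue unless the CLI resolves to the role.
run_job() {
    check_role_credentials || return $?
    caller=$(aws sts get-caller-identity --query Arn --output text) || return 4
    is_assumed_role_arn "$caller" || { echo "not an assumed role: $caller" >&2; return 5; }
    echo "running as $caller"
    # The Job's MSK, S3, KDA and OpenSearch CLI calls would follow here.
}

if [ "${1:-}" = "--run" ]; then run_job; fi
```
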
