Using AWS CLI in automation without MFA token

Question

We have a requirements as below this we are doing manually and using MFA token but for production it is not a feasible solution.
In the ROSA cluster, we will have a Kubernetes Job that will perform these tasks:
1) download the AWS CLI v2
 2)  invoke some AWS CLI operations on MSK, S3, KDA (Kinesis Data Application) and maybe OpenSearch.
 Can you please help how we can achieve this.

Accepted Answer

Hi.  It looks like RedHat is responsible for most of the IAM setup for the ROSA cluster itself: https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html-single/setting_up_accounts_and_clusters/index#rosa-aws-prereqs_prerequisites.  What I'm guessing is that the permissions should be tied to an AWS IAM Role either for the ec2 instance or for Kubernetes.

In this case, I would reach out to your RedHat support team.  With AWS IAM Roles, these can't have MFA configured and then you can explain to your security team that it isn't possible to have MFA for that AWS IAM Role that the cluster may use.  However, you may want to check RedHat's access with your security team to see if there is a requirement to have MFA on vendor access to your AWS Account.

Using AWS CLI in automation without MFA token

関連するコンテンツ