Tetrate Istio Subscription PlusVersion: Latest

AWS EC2 Credential

The differences between TSB and Tetrate Istio Subscription Plus (TIS+)

Tetrate Istio Subscription Plus (TIS+) utilizes many of the same components as the Tetrate Service Bridge(TSB) product but has the several distinctions.

EC2Credential represents credential of an AWS EC2 instance.

EC2Credential

EC2Credential represents credential of an AWS EC2 instance.

Field Description Validation Rule

Field	Description	Validation Rule
instanceIdentityDocument	tetrateio.api.onboarding.private.types.credential.aws.v1alpha1.EC2InstanceIdentityDocument REQUIRED `AWS EC2` instance identity document with a verifiable signature. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html	message = { required: `true` }
instanceCredential	tetrateio.api.onboarding.private.types.credential.aws.v1alpha1.CredentialInfo Information about the `EC2` Instance Credential associated with the `EC2` instance verifiable through `AWS STS GetCallerIdentity API`. See https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html Since `AWS` classifies `EC2` Instance Credential as an API `"for Internal use only"``, this field remains optional, although highly favourable.	–
iamRoleCredential	tetrateio.api.onboarding.private.types.credential.aws.v1alpha1.CredentialInfo Information about the IAM Role Credential associated with the `EC2` instance verifiable through `AWS STS GetCallerIdentity API`. See https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html Since `EC2` instance might not have an IAM Role Credential associated with it, this field remains optional.	–

instanceIdentityDocument

tetrateio.api.onboarding.private.types.credential.aws.v1alpha1.EC2InstanceIdentityDocument
REQUIRED
AWS EC2 instance identity document with a verifiable signature. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html

message = {
required: true
}

instanceCredential

tetrateio.api.onboarding.private.types.credential.aws.v1alpha1.CredentialInfo
Information about the EC2 Instance Credential associated with the EC2 instance verifiable through AWS STS GetCallerIdentity API. See https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html

Since AWS classifies EC2 Instance Credential as an API `"for Internal use only"``, this field remains optional, although highly favourable.

–

iamRoleCredential

tetrateio.api.onboarding.private.types.credential.aws.v1alpha1.CredentialInfo
Information about the IAM Role Credential associated with the EC2 instance verifiable through AWS STS GetCallerIdentity API. See https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html

Since EC2 instance might not have an IAM Role Credential associated with it, this field remains optional.

–

EC2InstanceIdentityDocument

EC2InstanceIdentityDocument represents AWS EC2 instance identity document. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html

Field	Description	Validation Rule
pkcs7SignatureRsa2048	string ^{oneof _kind} `PKCS#7` signature of the `EC2` instance identity document verifiable by an AWS RSA-2048 public certificate. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-rsa2048.html	string = { min_len: `1` }

EC2Credential​

EC2InstanceIdentityDocument​

EC2Credential

EC2InstanceIdentityDocument