Tetrate Service BridgeVersion: 1.4.x

AWS Identity Matcher

AwsIdentityMatcher specifies matching workloads with AWS-specific identities.

partitions:
- aws
accounts:
- '123456789012'
regions:
- ca-central-1
zones:
- ca-central-1b
ec2: \{\}           # EC2 VM instances from the above partitions/accounts/regions/zones

partitions:
- aws
accounts:
- '123456789012'
regions:
- ca-central-1
zones:
- ca-central-1b
ec2:
  iamRoleNames:
  - example-role  # EC2 VM instances from the above partitions/accounts/regions/zones
                  # associated with one of IAM Roles on that list

AwsIdentityMatcher

AwsIdentityMatcher specifies matching workloads with AWS-specific identities.

Field	Description	Validation Rule
partitions	List of string List of valid `AWS Partitions`. E.g., `aws`, `aws-cn`, `aws-us-gov`, etc. Empty list means match any partition. See https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html	repeated = { items: `{string:{min_len:1}}` }
accounts	List of string REQUIRED List of valid `AWS Accounts`. E.g., `123456789012`. Cannot be empty. See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html	repeated = { min_items: `1` items: `{string:{pattern:^[0-9]{12}$}}` }
regions	List of string List of valid `AWS Regions`. E.g., `us-east-2`, `eu-west-3`, `cn-north-1`, etc. Empty list means match any region. See https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints	repeated = { items: `{string:{min_len:1}}` }
zones	List of string List of valid `AWS Availability Zones`. E.g., `us-east-2a`, `eu-west-3b`, `ap-southeast-1c`, etc. Empty list means match any availability zone. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html	repeated = { items: `{string:{min_len:1}}` }
ec2	tetrateio.api.onboarding.authorization.aws.v1alpha1.Ec2InstanceMatcher ^{oneof _kind} Valid `AWS EC2` instances. If present but empty, it matches any `EC2` instance from valid accounts, regions and availability zones.	–

Ec2InstanceMatcher

Ec2Instance specifies matching AWS EC2 instances.

Field Description Validation Rule

Field	Description	Validation Rule
iamRoleNames	List of string List of valid `AWS IAM Role` names `AWS EC2` instances must be associated with. E.g., `example-role`. Empty list means match any `EC2` instance (no matter whether it has an `AWS IAM Role` associated with it or not). See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html	repeated = { items: `{string:{min_len:1}}` }

iamRoleNames

List of string
List of valid AWS IAM Role names AWS EC2 instances must be associated with.

E.g., example-role.

Empty list means match any EC2 instance (no matter whether it has an AWS IAM Role associated with it or not).

See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html

repeated = {
items: {string:{min_len:1}}
}

AwsIdentityMatcher​

Ec2InstanceMatcher​

AwsIdentityMatcher

Ec2InstanceMatcher