AWS Identity Matcher
AwsIdentityMatcher specifies matching workloads with AWS-specific identities.
```yaml
partitions:
- aws
accounts:
- '123456789012'
regions:
- ca-central-1
zones:
- ca-central-1b
ec2: {} # EC2 VM instances from the above partitions/accounts/regions/zones
```

```yaml
partitions:
- aws
accounts:
- '123456789012'
regions:
- ca-central-1
zones:
- ca-central-1b
ec2:
  iamRoleNames:
  - example-role # EC2 VM instances from the above partitions/accounts/regions/zones
                 # associated with one of the IAM Roles on that list
```
AwsIdentityMatcher
AwsIdentityMatcher specifies matching workloads with AWS-specific identities.
Field | Description | Validation Rule |
---|---|---|
partitions | List of string E.g., Empty list means match any partition. See https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html | repeated = { |
accounts | List of string E.g., Cannot be empty. See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html | repeated = { |
regions | List of string E.g., Empty list means match any region. See https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints | repeated = { |
zones | List of string E.g., Empty list means match any availability zone. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html | repeated = { |
ec2 | tetrateio.api.onboarding.authorization.aws.v1alpha1.Ec2InstanceMatcher oneof kind If present but empty, it matches any | – |
Ec2InstanceMatcher
Ec2Instance specifies matching AWS EC2 instances.
Field | Description | Validation Rule |
---|---|---|
iamRoleNames | List of string E.g., Empty list means match any See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html | repeated = { |
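
The matching rules from the two field tables, written out as an added Python example (not Tetrate's code) so the effect of an empty list is easy to see when reviewing a matcher. The function names, the identity dict keys, and the choices to reject an invalid matcher and to treat an absent `ec2` as matching nothing are assumptions of this example.

```python
# Added illustration, not Tetrate's implementation. Function names and the
# identity dict keys are assumptions made for this example.

def validate(matcher):
    """Return violations of the one hard rule in the table: accounts is required."""
    return [] if matcher.get("accounts") else ["accounts: cannot be empty"]


def open_dimensions(matcher):
    """List fields left empty, which the table defines as 'match any'."""
    found = [f for f in ("partitions", "regions", "zones") if not matcher.get(f)]
    ec2 = matcher.get("ec2")
    if ec2 is not None and not ec2.get("iamRoleNames"):
        found.append("ec2.iamRoleNames")
    return found


def matches(matcher, identity):
    """Evaluate one matcher against one workload identity."""
    if validate(matcher):
        return False  # assumption: an invalid matcher authorizes nothing
    pairs = (("partitions", "partition"), ("accounts", "account"),
             ("regions", "region"), ("zones", "zone"))
    for field, key in pairs:
        allowed = matcher.get(field) or []
        if allowed and identity.get(key) not in allowed:
            return False
    ec2 = matcher.get("ec2")
    if ec2 is None:
        return False  # assumption: with no 'kind' set, nothing matches
    roles = ec2.get("iamRoleNames") or []
    return not roles or identity.get("iam_role") in roles


# Constructed sample data mirroring the two YAML examples on this page.
ANY_EC2 = {"partitions": ["aws"], "accounts": ["123456789012"],
           "regions": ["ca-central-1"], "zones": ["ca-central-1b"], "ec2": {}}
ROLE_BOUND = dict(ANY_EC2, ec2={"iamRoleNames": ["example-role"]})
VM = {"partition": "aws", "account": "123456789012", "region": "ca-central-1",
      "zone": "ca-central-1b", "iam_role": "other-role"}

if __name__ == "__main__":
    for name, m in (("ANY_EC2", ANY_EC2), ("ROLE_BOUND", ROLE_BOUND)):
        print(name, "match:", matches(m, VM), "open:", open_dimensions(m))
```

Running `open_dimensions` over a matcher during review shows which fields it leaves as wildcards, such as `ec2: {}` admitting instances with any IAM role in the listed accounts.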