AWS Identity Matcher
Tetrate Service Express (TSE) uses many of the same components as the Tetrate Service Bridge (TSB) product but has several distinctions. See Comparing TSE and TSB for more details.
AwsIdentityMatcher specifies matching workloads with AWS-specific identities.
For example, the following configuration will match any EC2 VM instance in account 123456789012, region ca-central-1 and zone ca-central-1b:
partitions:
- aws
accounts:
- '123456789012'
regions:
- ca-central-1
zones:
- ca-central-1b
ec2: {}
The matcher can also be used to limit matching to VMs associated with a specific IAM role, as shown below:
partitions:
- aws
accounts:
- '123456789012'
regions:
- ca-central-1
zones:
- ca-central-1b
ec2:
  iamRoleNames:
  - example-role
The following matcher will limit matching to ECS instances in the bookinfo cluster that have a specific IAM role:
partitions:
- aws
accounts:
- '123456789012'
regions:
- ca-central-1
zones:
- ca-central-1b
ecs:
  clusters:
  - prod-cluster
  iamRoleNames:
  - example-role
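The following is an added example, not Tetrate's code, showing how the matcher semantics described above (empty list matches any value, accounts cannot be empty, exactly one of ec2/ecs, an empty ec2 block matches any instance) decide whether one workload identity is accepted. The field names are the page's; the identity dict shape and the helper names are assumptions.

```python
# Added example, not Tetrate's code: evaluates the AwsIdentityMatcher semantics
# described on this page against one workload's AWS identity. Field names are
# the page's; the identity dict shape and helper names are assumptions.

def _allows(allowed, value):
    """Per the field table: an empty (or absent) list matches any value."""
    return not allowed or value in allowed

def matcher_kind(matcher):
    """Return 'ec2' or 'ecs', or None when the matcher violates the page's
    validation rules (accounts cannot be empty; exactly one oneof kind)."""
    if not matcher.get("accounts"):
        return None
    kinds = [k for k in ("ec2", "ecs") if k in matcher]
    return kinds[0] if len(kinds) == 1 else None

def matches(matcher, identity):
    """True only if every clause holds; an invalid matcher fails closed.

    identity (constructed shape): partition, account, region, zone,
    kind ('ec2' or 'ecs'), iam_role, and cluster for ECS workloads.
    """
    kind = matcher_kind(matcher)
    if kind is None or identity["kind"] != kind:
        return False
    for field, key in (("partitions", "partition"), ("accounts", "account"),
                       ("regions", "region"), ("zones", "zone")):
        if not _allows(matcher.get(field), identity[key]):
            return False
    sub = matcher[kind] or {}  # `ec2: {}` (or a bare `ec2:`) matches any instance
    if not _allows(sub.get("iamRoleNames"), identity.get("iam_role")):
        return False
    if kind == "ecs" and not _allows(sub.get("clusters"), identity.get("cluster")):
        return False
    return True

# Constructed inputs mirroring the page's first and third examples.
BASE = {"partitions": ["aws"], "accounts": ["123456789012"],
        "regions": ["ca-central-1"], "zones": ["ca-central-1b"]}
EC2_ANY = dict(BASE, ec2={})                                   # first example
ECS_ROLE = dict(BASE, ecs={"clusters": ["prod-cluster"],
                           "iamRoleNames": ["example-role"]})  # third example
VM = {"partition": "aws", "account": "123456789012", "region": "ca-central-1",
      "zone": "ca-central-1b", "kind": "ec2", "iam_role": "some-other-role"}
TASK = dict(VM, kind="ecs", iam_role="example-role", cluster="prod-cluster")

if __name__ == "__main__":
    print(matches(EC2_ANY, VM), matches(ECS_ROLE, TASK), matches(ECS_ROLE, VM))
```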
AwsIdentityMatcher
AwsIdentityMatcher specifies matching workloads with AWS-specific identities.
Field | Description | Validation Rule |
---|---|---|
partitions | List of string. Empty list means match any partition. See https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html | repeated = { |
accounts | List of string. Cannot be empty. See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html | repeated = { |
regions | List of string. Empty list means match any region. See https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints | repeated = { |
zones | List of string. Empty list means match any availability zone. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html | repeated = { |
ec2 | tetrateio.api.onboarding.authorization.aws.v1alpha1.Ec2InstanceMatcher (oneof _kind). If present but empty, it matches any EC2 instance. | – |
Ec2InstanceMatcher
Ec2Instance specifies matching AWS EC2 instances.
Field | Description | Validation Rule |
---|---|---|
iamRoleNames | List of string. Empty list means match any IAM role. See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html | repeated = { |