πConfigure IAM
Sedai uses an agentless approach in order to securely access AWS resources.
Sedai programmatically connects to your cloud resources via Identity and Access Management (IAM) authentication. IAM provides granular control of your cloud environments so that you can specify user permissions to access certain resources.
IAM authentication requires the following:
Create IAM Policy using Sedai's Autonomous permissions (recommended) OR Read-only permissions. Learn more about what's included in Sedai's policies
Create IAM Role (recommended) OR IAM User and attach the policy you create with Sedai's permissions.
Sedai's IAM policies provide visibility to your infrastructure and the option to autonomously modify resource configurations. They do not impact your privacy policies or include access to logs.
Once you configure IAM from your AWS Console, you will be able to connect the account/cluster to Sedai using either the Role ARN or User Secret/Access Keys.
The following steps are required in order to add an AWS environment and connect your AWS resources to Sedai:
From your AWS Console, grant Sedai access via IAM authentication. You can configure this automatically using CloudFormation, or set it up manually.
Integrate the account directly within Sedai via initial onboarding, or go to Settings > Integrations > Add Integration > Connect Cloud.
Give your account a Nickname (since you can add multiple AWS accounts to the platform, this helps you easily identify different resources from their unique AWS environment within Sedai).
By default, Sedai will automatically connect to CloudWatch and use its monitoring data to analyze resource behavior. You can additionally connect monitoring data from other APM and observability providers.
By default, Sedai will automatically connect to CloudWatch and use its monitoring data to analyze resource behavior. You can additionally connect monitoring data from other APM and observability providers.
If you plan on adding multiple AWS environments to Sedai, you will need to generate either a unique IAM User or Role per environment.
In addition to IAM authentication, for EKS resources you must also set up Kubernetes Role Based Access Control (RBAC) for authorization and add the IAM Role or User into the aws-auth configmap.
Configure IAM with CloudFormation
You can automatically set up IAM authentication using one of the following CloudFormation Stacks.
AWS CloudFormation simplifies provisioning and management on AWS. You can create templates for the service or application architectures you want and have AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called βstacksβ). You can also easily update or replicate the stacks as needed.
This collection of sample templates will help you get started with AWS CloudFormation and quickly build your own templates.
Select your preferred configuration below to launch the CloudFormation Stack from your AWS Console. This will automatically create your selected Sedai IAM policy as well as create your preferred IAM authentication method (Role or User) and attach the new policy to it.
Once the CloudFormation Stack executes, you will be able to copy either the Role ARN from the new IAM Sedai Role or Access and Secret Key from the new IAM Sedai User. This information is required in order to connect your AWS account within Sedai from the Integrations page.
Autonomous Policy (See what's included)
IAM Role (Recommended)
Read-only Policy (See what's included)
You can alternatively manually create the IAM policy and IAM Role or IAM User from within your AWS Console.
Resources
Last updated
