Configure IAM

Sedai uses an agentless approach in order to securely access AWS resources.
Sedai programmatically connects to your cloud resources via Identity and Access Management (IAM) authentication. IAM provides granular control of your cloud environments so that you can specify user permissions to access certain resources.
IAM authentication requires the following:
Once you configure IAM from your AWS Console, you will be able to connect the account/cluster to Sedai using either the Role ARN or User Secret/Access Keys.
The following steps are required in order to add an AWS environment and connect your Lambda, ECS, and EC2 resources to Sedai:
  1. 1.
    From your AWS Console, grant Sedai access via IAM authentication. You can configure this automatically using CloudFormation, or set it up manually.
  2. 2.
    Integrate the account directly within Sedai via initial onboarding, or go to Settings > Integrations > Add Integration > Connect Cloud.
  3. 3.
    Give your account a Nickname (since you can add multiple AWS accounts to the platform, this helps you easily identify different resources from their unique AWS environment within Sedai).
  4. 4.
    Enter Role ARN if you connected via IAM Role (recommended), or enter the Access and Secret Key if you connected via IAM User.
  5. 5.
    By default, Sedai will automatically connect to CloudWatch and use its monitoring data to analyze resource behavior. You can additionally connect monitoring data from other APM and observability providers.
If you plan on adding multiple AWS environments to Sedai, you will need to generate either a unique IAM User or Role per environment.
In addition to IAM authentication, for EKS resources you must also set up Kubernetes Role Based Access Control (RBAC) for authorization and add the IAM Role or User into the aws-auth configmap.

Configure IAM with CloudFormation

You can automatically set up IAM authentication using one of the following CloudFormation Stacks.
AWS CloudFormation simplifies provisioning and management on AWS. You can create templates for the service or application architectures you want and have AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called “stacks”). You can also easily update or replicate the stacks as needed.
This collection of sample templates will help you get started with AWS CloudFormation and quickly build your own templates.
CloudFormation Templates
Amazon Web Services, Inc.
Learn more about AWS CloudFormation Stacks
Select your preferred configuration below to launch the CloudFormation Stack from your AWS Console. This will automatically create your selected Sedai IAM policy as well as create your preferred IAM authentication method (Role or User) and attach the new policy to it.
Once the CloudFormation Stack executes, you will be able to copy either the Role ARN from the new IAM Sedai Role or Access and Secret Key from the new IAM Sedai User. This information is required in order to connect your AWS account within Sedai from the Integrations page.
You can alternatively manually create the IAM policy and IAM Role or IAM User from within your AWS Console.