Create IAM Role

(Recommended) Learn how to create an IAM Role in order to securely delegate Sedai uninterrupted access to your AWS resources.
Use CloudFormation to automatically create an IAM Role and attach Sedai's policy.
If you prefer to manually create an IAM Role with sufficient privileges for Sedai to access your topology, you must have access to your organization's AWS Console and permission to create a new IAM Role.
To grant Sedai access to your resources, you will create an IAM Role and link
If you plan to connect multiple EKS clusters from the same environment to Sedai, you will only need to create one IAM Role. The same ARN can be used to connect each cluster to Sedai.
AWS Console
  1. Navigate to Identity and Access Management (IAM) within your AWS Console.
  3. Select Role > Create Role.
  4. Under Trusted entity type, select AWS account and then choose Another AWS account. Enter Sedai's unique Account ID (this is displayed within the platform when you add a new cloud from the Integrations page and opt to manually set up IAM authentication with an IAM Role). Optionally, add the External ID, which is displayed along with the Account ID on the previous page. Skip the additional options and select Next.
  5. Select the policy created in Step 2.
  6. Enter a Role name and Description, and select Create to complete setup.
  7. Copy the ARN. This will be used to connect your resources to Sedai from the Integrations page.
AWS CLI
This approach requires your AWS CLI to be configured.
2. Create IAM policy:
aws --profile AWS_PROFILE iam create-policy --policy-name SedaiAWSIntegrationIamPolicy --policy-document file://sedai-policy.json
3. Create IAM Role and attach policy:
curl -o assume-role-policy.json https://raw.githubusercontent.com/SedaiEngineering/sedai-onboarding/main/aws/sedai-assume-role-policy-document.json
aws --profile AWS_PROFILE iam create-role --role-name SedaiAWSIntegrationRole --assume-role-policy-document file://assume-role-policy.json
aws --profile AWS_PROFILE iam attach-role-policy --role-name SedaiAWSIntegrationRole --policy-arn "arn:aws:iam::737058061372:policy/SedaiAWSIntegrationIamPolicy"
4. Copy the ARN. This will be used to connect your resources to Sedai from the Integrations page.
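Before running create-role, the trust policy downloaded in step 3 can be checked against the Account ID and External ID shown in the platform. The script below is an added example, not part of Sedai's documentation or tooling; the function names, the account ID 111122223333, and the External ID value are placeholders constructed for illustration.

```python
import json

# Constructed sample documents (placeholder account ID and External ID).
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}""")
LOOSE = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:*", "Principal": {"AWS": "*"}}]}""")

def as_list(value):
    """IAM allows a single value or an array in most fields; normalise to a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def principals(principal):
    """Account IDs named under Principal.AWS; other kinds come back as 'Kind:value'."""
    if principal == "*":
        return ["*"]
    found = []
    for kind, values in principal.items():
        for v in as_list(values):
            if kind != "AWS":
                found.append(f"{kind}:{v}")
            else:  # bare account ID, "*", or arn:aws:iam::<account>:root
                found.append(v.split(":")[4] if v.startswith("arn:") else v)
    return found

def check_trust_policy(policy, expected_account, expected_external_id=None):
    """Return findings; an empty list means every Allow statement matches."""
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"statement {i}: unexpected action {action}")
        for p in principals(st.get("Principal", {})) or ["<none>"]:
            if p != expected_account:
                findings.append(f"statement {i}: unexpected principal {p}")
        if expected_external_id is not None:  # only enforced when you supply one
            ext = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
            if ext != expected_external_id:
                findings.append(f"statement {i}: sts:ExternalId missing or different")
    return findings

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("LOOSE", LOOSE)):
        print(name, check_trust_policy(doc, "111122223333", "constructed-external-id") or "ok")
```

To check the real file, load assume-role-policy.json with json.load and pass the Account ID and External ID displayed on the Integrations page in place of the placeholders.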
Learn more about IAM Roles: