AWS CloudFormation resource types for the management of aqua in EKS and self-managed Kubernetes clusters.
An IAM role is used by CloudFormation to execute the resource type handler code. A CloudFormation template to create the execution role is available here
EKS clusters use IAM to allow access to the kubernetes API, as the CloudFormation resource types in this project interact with the kubernetes API, the IAM execution role must be granted access to the kubernetes API. This can be done in one of two ways:
- Create the cluster using CloudFormation: Currently there is no native way to manage EKS auth using CloudFormation
(+1 this GitHub issue to help prioritize native support).
For this reason
AWSQS::EKS::Cluster
has been published. Instructions on activation and usage can be found here. - Manually: to allow this resource type to access the kubernetes API, follow the
instructions in the EKS documentation adding
the IAM execution role created above to the
system:masters
group. (Note: you can scope this down if you plan to use the resource type to only perform specific operations on the kubernetes cluster)
To activate the resource types in your account follow the links below, then choose the AWS Region you would like to use it in and click Activate.
Aqua::Enterprise::Server
Aqua::Enterprise::Enforcer
Aqua::Enterprise::KubeEnforcer
Aqua::Enterprise::Scanner
Aqua::Enterprise::Server
- CloudFormation properties - Helm valuesAqua::Enterprise::Enforcer
- CloudFormation properties - Helm valuesAqua::Enterprise::KubeEnforcer
- CloudFormation properties - Helm valuesAqua::Enterprise::Scanner
- CloudFormation properties - Helm values