Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow users with different admin AWS credentials to run cortex cluster commands #1316

Open
deliahu opened this issue Aug 28, 2020 · 0 comments
Labels
research Determine technical constraints

Comments

@deliahu
Copy link
Member

deliahu commented Aug 28, 2020

Currently, if you install the CLI on a new machine and use different AWS credentials (with the AdministratorAccess IAM policy attached), running cortex cluster commands will not work. We link to a cortex docs page with instructions on how to address this (implemented in #1392):

error: your aws iam user does not have access to this cluster; to grant access, see https://docs.cortex.dev/v/master/miscellaneous/security#running-cortex-cluster-commands-from-different-iam-users

It would be better if it just works out of the box (assuming that the new IAM user also has the AdministratorAccess IAM policy).

Relevant info:

Possible solution:

  • Assume the role of an IAM Role that has access to the cluster. There may already be one created (there is a role visible on the EKS console titled "Cluster IAM Role ARN"), or we may have to create one and grant access to it during cluster spin up.
@deliahu deliahu added bug Something isn't working v0.20 labels Aug 28, 2020
@deliahu deliahu added this to Prioritize in Cortex via automation Aug 28, 2020
@deliahu deliahu moved this from Prioritize to Current sprint in Cortex Aug 28, 2020
@deliahu deliahu moved this from Current sprint to Prioritize in Cortex Sep 26, 2020
@deliahu deliahu added research Determine technical constraints and removed v0.20 bug Something isn't working labels Sep 26, 2020
@deliahu deliahu removed this from To prioritize in Cortex Nov 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
research Determine technical constraints
Projects
None yet
Development

No branches or pull requests

1 participant