Skip to content

jlehtimaki/aws-shield-controller

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
controller
controller
 
 
hack
hack
 
 
kustomize
kustomize
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

aws-shield-controller

Operator to enable AWS Shield on your NLB/CLB/ALB automatically.

Prerequisites

aws-shield-controller requires certain AWS permissions to run:

  "elasticloadbalancing:DescribeLoadBalancerAttributes",
  "elasticloadbalancing:DescribeSSLPolicies",
  "elasticloadbalancing:DescribeLoadBalancers",
  "elasticloadbalancing:DescribeTargetGroupAttributes",
  "elasticloadbalancing:DescribeListeners",
  "elasticloadbalancing:DescribeTags",
  "elasticloadbalancing:DescribeAccountLimits",
  "elasticloadbalancing:DescribeTargetHealth",
  "elasticloadbalancing:DescribeTargetGroups",
  "elasticloadbalancing:DescribeListenerCertificates",
  "elasticloadbalancing:DescribeRules",
  "shield:CreateProtection",
  "ec2:DescribeAddresses",

It's prefered to use IRSA to map your serviceaccount to your IAM role.

Usage

Install Controller

kustomize build kustomize |  kubectl apply -f -

Or

make deploy

Enable AWS Shield on your ingress

Add this to your ingress annotation
aws.shield.controller: enable

Build

make build

TODO

  • Allow also to disable Shield
  • Check protected resources before trying to enable them again
  • Make code more robust
  • Make tests

About

Contoller to enable AWS Shield on your ALB,NLB & CLB

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages