Integration using a cross account role
Before you can use the AWS integration, you need to create an initial "master" role that allows Kubiya to access your AWS account.
Before you begin, ensure that you have the following:
Access to the Kubiya platform.
Appropriate permissions to make configurations on AWS (IAM).
Create a role on AWS for Kubiya to perform actions on AWS:
Log in to your AWS console and navigate to the Identity and Access Management (IAM) page.
Click on the Roles section
Click the Create Role button in the top right corner
In the “Select trusted entity” dialog:
Select “AWS account”
Select “Another AWS account”
Enter the Kubiya Account ID, 564407622114, in the identifier input box
Click Next
In the “Policies” dialog, select the policies that grant the access you would like Kubiya to have, then click Next
In the “Role details” dialog:
Name the role. You will need this name later.
Confirm the Kubiya Account ID in the JSON under “Step 1: Select trusted entities”
Confirm the selected permissions under “Step 2: Add permissions”
If correct, click the Create role button
In the Kubiya web interface, navigate to the connectors panel:
Choose AWS:
Fill in your account details based on the role you have created:
Connecting with AWS using a local runner:
This is usually an advanced option, intended for cases where you'd like to access AWS using a local runner (such as a Kubernetes cluster) with an instance profile role.
a. Uncheck SaaS Deployment
b. Select the target local runner on which to install the integration:
c. Interaction with AWS will be done using the runner tunnel. You might need to set up a role in advance, which will be used from the Kubiya namespace in your Kubernetes cluster to get temporary credentials from AWS.
From the connectors page, click on New connection: