AWS service accounts
To access resources in AWS provided by Cloud Platform, we need a way to authenticate our applications. Cloud Platform provides this mechanism using IAM roles for service accounts (IRSA).
Authenticating with AWS
An IAM Role for IRSA policy is required so that applications in your namespace can access the AWS resources.
Create an IRSA module to authenticate with AWS.
The service_account_name specified in the IRSA module must also be added to your Helm values file.
Note that initially the role_policy_arns should be left empty and you’ll add policies for the various resources you create with Cloud Platform.
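If the service_account_name in the IRSA module and the one in the Helm values differ, the pod runs as a different service account (often `default`) and the role cannot be assumed. The following check is an added example, not Cloud Platform's own code: it inspects the environment variables and projected token that EKS injects into an IRSA pod and compares the token's subject with the expected service account. The namespace, service account name, and role ARN are constructed sample values.

```python
import base64
import json

STS_AUDIENCE = "sts.amazonaws.com"  # default audience of the EKS-projected token

def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_irsa(env, token, namespace, service_account_name):
    """Return a list of problems; an empty list means the pod identity lines up."""
    problems = []
    # The EKS webhook sets both variables on pods whose service account is annotated.
    for var in ("AWS_ROLE_ARN", "AWS_WEB_IDENTITY_TOKEN_FILE"):
        if not env.get(var):
            problems.append(f"{var} is not set")
    try:
        claims = jwt_claims(token)
    except ValueError as exc:  # covers bad base64 and bad JSON as well
        return problems + [f"token unreadable: {exc}"]
    # The role's trust policy matches on this exact subject string.
    expected = f"system:serviceaccount:{namespace}:{service_account_name}"
    if claims.get("sub") != expected:
        problems.append(f"sub is {claims.get('sub')!r}, expected {expected!r}")
    aud = claims.get("aud") or []
    if STS_AUDIENCE not in ([aud] if isinstance(aud, str) else aud):
        problems.append(f"aud {aud!r} does not include {STS_AUDIENCE}")
    return problems

def sample_token(sub, aud=(STS_AUDIENCE,)):
    """Constructed, unsigned token for offline runs; not a real credential."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"sub": sub, "aud": list(aud)}), "sig"])

if __name__ == "__main__":
    # Constructed sample values; inside a pod, use os.environ and the token file.
    env = {"AWS_ROLE_ARN": "arn:aws:iam::111122223333:role/example-irsa",
           "AWS_WEB_IDENTITY_TOKEN_FILE": "/var/run/secrets/eks.amazonaws.com/serviceaccount/token"}
    good = sample_token("system:serviceaccount:my-namespace:my-app-sa")
    bad = sample_token("system:serviceaccount:my-namespace:default")
    print(check_irsa(env, good, "my-namespace", "my-app-sa"))
    print(check_irsa(env, bad, "my-namespace", "my-app-sa"))
```

Inside a running pod, pass `os.environ` and the contents of the file named by `AWS_WEB_IDENTITY_TOKEN_FILE` instead of the sample values.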