Commit 30c8d65

achuribooks and addetz authored
docs: DOC-2415 and DOC-1897: AWS Secret Cleanup + MirrorRegistry v2 Endpoints (#9151)
* Rough draft
* Rough draft complete
* Fixing links
* Apply suggestions from code review
* mirrorRegistry fix
* ci: auto-formatting prettier issues
* Additional cleanup
* Update custom.scss
* Apply suggestions from code review

Co-authored-by: Adelina Simion <[email protected]>

* ci: auto-formatting prettier issues
* Missing link + erroneous Azure mention

---------

Co-authored-by: achuribooks <[email protected]>
Co-authored-by: Adelina Simion <[email protected]>
1 parent 95a81ad commit 30c8d65

37 files changed, +711 -631 lines changed

_partials/_aws-static-credentials-setup.mdx

Lines changed: 0 additions & 31 deletions
This file was deleted.

_partials/clusters/public-cloud/_clusters_cluster-settings.mdx renamed to _partials/clusters/_clusters_cluster-settings.mdx

File renamed without changes.
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
---
2+
partial_category: clusters-aws-account-setup
3+
partial_name: aws-account-setup-validate
4+
---
5+
6+
1. Log in to {props.edition} as a tenant admin.
7+
8+
2. From the left main menu, select **Tenant Settings**.
9+
10+
3. From the **Tenant Settings Menu**, select **Cloud Accounts**.
11+
12+
4. Verify that your AWS account appears in the **AWS** section.
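Review bot: step 3 (line 10) bolds the label as **Tenant Settings Menu**, while step 2 names the item **Tenant Settings** and the other partials in this commit write "From the **Tenant Settings** menu". If the UI label is "Tenant Settings", move "menu" outside the bold and lowercase it so readers do not look for a control called "Tenant Settings Menu": `3. From the **Tenant Settings** menu, select **Cloud Accounts**.`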
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
---
2+
partial_category: clusters-aws-account-setup
3+
partial_name: aws-dynamic-credentials-enablement-1
4+
---
5+
6+
1. Log in to [Palette](https://console.spectrocloud.com) or Palette VerteX as a tenant admin.
7+
8+
2. From the left main menu, select **Tenant Settings**.
9+
10+
3. From the **Tenant Settings** menu, select **Cloud Accounts**.
11+
12+
4. Locate the **AWS** section and select **Add AWS Account**.
13+
14+
5. Fill out the following information.
15+
16+
| **Palette Parameter** | **Description** |
17+
| -------------------------- | --------------------------------------------------------------------------------------------------- |
18+
| **Account Name** | Enter a custom account name. The account name must be unique within the tenant scope. |
19+
| **Description (Optional)** | Enter a description for the cloud account. |
20+
| **Partition** | Select **{props.partition}**. |
21+
| **STS** | Select **STS** to authenticate your AWS account using STS credentials and reveal the **ARN** field. |
22+
23+
6. When you select **STS**, the right side of the wizard populates with details on how to create an IAM role for
24+
Palette. Log in to your AWS account and begin the IAM role creation process by navigating to **IAM > Roles > Create
25+
role**. The following table expands on the information provided by the wizard.
26+
27+
| **AWS Parameter** | **Description** |
28+
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
29+
| **Trusted entity type** | Select **AWS account**. In the **An AWS account** section, select **Another AWS account**. |
30+
| **Account ID** | Copy the **Account ID** displayed on the Palette wizard. If using a self-hosted instance, this is the same AWS account that you configured for your Palette or Palette VerteX instance to enable STS. Refer to the appropriate [Enable Adding AWS Accounts Using STS - Palette](/enterprise-version/system-management/configure-aws-sts-account/) or [Enable Adding AWS Accounts Using STS - VerteX](/vertex/system-management/configure-aws-sts-account/) guide for more information. |
31+
| **Require external ID** | In the **An AWS account** section, below **Options**, select **Require External ID**. |
32+
| **External ID** | Copy the **External ID** displayed on the Palette wizard. This ID is generated by Palette and is different for each tenant. |
33+
| **Permissions policies** | Search for and select the [required IAM policies](/clusters/public-cloud/aws/required-iam-policies/): **PaletteControllerPolicy**, **PaletteControlPlanePolicy**, **PaletteDeploymentPolicy**, and **PaletteNodesPolicy**. If deploying EKS clusters, add the **PaletteControllersEKSPolicy** as well. |
34+
| **Role name** | In the **Role details** section, enter `SpectroCloudRole` for the **Role name**. |
35+
36+
7. Your new role appears in the **Roles** list. Locate and select the new role. In the **Summary** section, copy the
37+
Amazon Resource Name (**ARN**) for the role.
38+
39+
8. In Palette, paste the role ARN into the **ARN** field.
40+
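Review bot: line 6 hardcodes "[Palette](https://console.spectrocloud.com) or Palette VerteX", and lines 24, 30, 32 and 39 say "Palette" or "Palette wizard", although this partial already takes `{props.partition}` and the static-credentials partial in this commit uses `{props.edition}`. Consider passing the edition as a prop here too, so a VerteX page does not point readers at the Palette console. Separately, because the External ID is generated per tenant (line 32), a short check after step 7 asking the reader to confirm that the role's trust policy shows the copied **Account ID** and **External ID** would catch copy errors before the ARN is pasted in step 8.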
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
---
2+
partial_category: clusters-aws-account-setup
3+
partial_name: aws-dynamic-credentials-prerequisites
4+
---
5+
6+
- A [Palette](https://console.spectrocloud.com) or Palette VerteX account with [tenant admin](/tenant-settings/) access.
7+
8+
- An AWS account with the [required IAM policies](/clusters/public-cloud/aws/required-iam-policies/).
9+
10+
- The ability to create an [IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html)
11+
that Palette can assume using STS. You will create the role while adding your AWS account to Palette or Palette VerteX.
12+
13+
- (Self-hosted Palette and Palette VerteX only) By default, adding AWS accounts using STS is disabled in self-hosted
14+
Palette and Palette VerteX. To allow tenants to add AWS accounts using STS, refer to the appropriate
15+
[Enable Adding AWS Accounts Using STS - Palette](/enterprise-version/system-management/configure-aws-sts-account/)
16+
or [Enable Adding AWS Accounts Using STS - VerteX](/vertex/system-management/configure-aws-sts-account/)
17+
guide.
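Review bot: the bullet at line 8, "An AWS account with the required IAM policies", is ambiguous for the STS flow, because the policies are attached to the IAM role (the **Permissions policies** row of the enablement partial has the reader search for and select them), not to the account. Suggest wording that says the policies must already exist in the AWS account before the role is created, mirroring the static prerequisites partial, which states exactly which principal the policies are assigned to.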
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
---
2+
partial_category: clusters-aws-account-setup
3+
partial_name: aws-static-credentials-enablement-1
4+
---
5+
6+
1. Log in to {props.edition} as a tenant admin.
7+
8+
2. From the left main menu, select **Tenant Settings**.
9+
10+
3. From the **Tenant Settings** menu, select **Cloud Accounts**.
11+
12+
4. Locate the **AWS** section and select **Add AWS Account**.
13+
14+
5. Fill out the following information.
15+
16+
| **Parameter** | **Description** |
17+
| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
18+
| **Account Name** | Enter a custom account name. The account name must be unique within the tenant scope. |
19+
| **Description (Optional)** | Enter a description for the cloud account. |
20+
| **Partition** | Select **{props.partition}**. |
21+
| **Credentials** | Select **Credentials** to authenticate your AWS account using static access credentials for an IAM user. |
22+
| **Access key** | Enter your IAM user's access key. This is found in the **Summary** section of your AWS **IAM > Users** dashboard. Refer to [Manage access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for more information on access keys. |
23+
| **Secret access key** | Enter your IAM user's secret access key that corresponds to the **Access key**. This key cannot be viewed or regenerated after the initial creation of your **Access key**. If you cannot retrieve your secret access key, you must create a new access key pair. |
24+
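Review bot: the **Secret access key** row (line 23) tells the reader to create a new access key pair when the secret cannot be retrieved, but says nothing about the key being replaced. Suggest adding that the old access key should be deactivated or deleted in IAM once the new pair is saved in the cloud account, so an unused long-lived credential is not left active. Minor: the table header here is **Parameter**, while the STS and EKS Pod Identity partials in this commit use **Palette Parameter**.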
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
---
2+
partial_category: clusters-aws-account-setup
3+
partial_name: aws-static-credentials-prerequisites
4+
---
5+
6+
- A {props.edition} account with [tenant admin](/tenant-settings/) access.
7+
8+
- An AWS account with an [IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) for Palette.
9+
The IAM user must be assigned the [required IAM policies](/clusters/public-cloud/aws/required-iam-policies/).
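Review bot: line 6 uses `{props.edition}`, but line 8 says the IAM user is "for Palette", so on a VerteX page the two bullets will disagree. Suggest using `{props.edition}` in both places, or dropping "for Palette" from line 8.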
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
---
2+
partial_category: clusters-aws-account-setup
3+
partial_name: aws-static-dynamic-credentials-enablement-2
4+
---
5+
6+
**Validate** your AWS credentials. A green check mark indicates valid credentials.
7+
8+
<li>Once your credentials are verified, the **Add IAM Policies** toggle is displayed. Toggle **Add IAM Policies** on and use the **Policies** drop-down menu to select any desired IAM policies you want to assign to the Palette IAM user. </li>
9+
10+
<li>To deploy clusters to your AWS cloud through a [Private Cloud Gateway (PCG)](/clusters/pcg/architecture/), toggle **Connect Private Cloud Gateway** on and select a **Private Cloud Gateway** from the drop-down menu. The PCG must be deployed and registered with {props.edition} at **Tenant Settings > Private Cloud Gateway** in order to select it. </li>
11+
12+
<li>Select **Confirm** to add your AWS account to Palette.</li>
13+
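Review bot: line 8 says the selected policies are assigned "to the Palette IAM user", but the partial name (`aws-static-dynamic-credentials-enablement-2`) indicates it is also rendered in the STS flow, where the principal is an IAM role rather than a user. Suggest neutral wording that covers both the IAM user and the IAM role. Also, line 6 is a bare sentence while lines 8 to 12 are raw `<li>` elements, so the partial only renders correctly inside a list supplied by the including page; a short MDX comment at the top stating that dependency would help the next editor. Line 12 hardcodes "Palette" where line 10 uses `{props.edition}`.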
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
---
2+
partial_category: eks-pod-identity
3+
partial_name: eks-pod-identity-enablement
4+
---
5+
6+
1. Log in to [Palette](https://console.spectrocloud.com) or Palette VerteX as a tenant admin.
7+
8+
2. From the left main menu, select **Tenant Settings**.
9+
10+
3. From the **Tenant Settings** menu, select **Cloud Accounts**.
11+
12+
4. Locate the **AWS** section and select **Add AWS Account**.
13+
14+
5. Fill out the following information.
15+
16+
| **Palette Parameter** | **Description** |
17+
| -------------------------- | --------------------------------------------------------------------------------------------------- |
18+
| **Account Name** | Enter a custom account name. The account name must be unique within the tenant scope. |
19+
| **Description (Optional)** | Enter a description for the cloud account. |
20+
| **Partition** | Select **{props.partition}**. |
21+
| **EKS Pod Identity** | Select **EKS Pod Identity** to authenticate your AWS account using the EKS Pod Identity method and reveal the **ARN** field. |
22+
23+
6. In the AWS console, navigate to **IAM > Roles**, and select the new IAM role created for Palette (for example,`SpectroCloudRole`). In the **Summary** section, copy the Amazon Resource Name (**ARN**) for the role.
24+
25+
7. In Palette, paste the role ARN into the **ARN** field.
26+
27+
8. **Validate** your AWS credentials. A green check mark indicates valid credentials.
28+
29+
The **Add IAM Policies** option appears after successful validation. Leave this blank, as the required IAM policies have already been assigned to the IAM role created for Palette (for
30+
example, `SpectroCloudRole`).
31+
32+
9. (Optional) To set a
33+
[permission boundary](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html), toggle
34+
**Add Permission Boundary** on and provide the ARN of a IAM policy or role in the **Permission Boundary ARN**
35+
field.
36+
37+
10. Select **Confirm** to add your AWS account to Palette.
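Review bot: line 34 reads "the ARN of a IAM policy or role"; it should be "an IAM", and since the linked AWS page describes a permissions boundary as a managed policy, please confirm that "or role" is intended for the **Permission Boundary ARN** field. Line 23 is missing a space in "(for example,`SpectroCloudRole`)" and refers to "the new IAM role created for Palette" although no step in this partial creates it; link to the role creation steps or list the role under prerequisites. The **EKS Pod Identity** row at line 21 is wider than the separator row at line 17, so the table needs re-formatting.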

_partials/eks-pod-identity/_eks-pod-identity-intro.mdx renamed to _partials/clusters/aws/eks-pod-identity/_eks-pod-identity-intro.mdx

File renamed without changes.
