ProviderConfig - upbound/provider-family-aws@latest

Tags is list of session tags that you want to pass. Each session tag consists of a key name and an associated value. For more information about session tags, see Tagging STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html).

key

requiredstring

value

requiredstring

transitiveTagKeys

array

TransitiveTagKeys is a list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain. For more information, see Chaining Roles with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining).

credentials

requiredobject

Credentials required to authenticate to this provider.

env

object

Env is a reference to an environment variable that contains credentials that must be used to connect to the provider.

name

requiredstring

object

Fs is a reference to a filesystem location that contains credentials that must be used to connect to the provider.

path

requiredstring

secretRef

object

A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider.

requiredstring

requiredstring

requiredstring

requiredstring

object

Upbound defines the options for authenticating using Upbound as an identity provider.

webIdentity

object

WebIdentity defines the options for assuming an IAM role with a Web Identity.

roleARN

string

roleSessionName

string

tokenConfig

object

TokenConfig is the Web Identity Token config to assume the role.

object

Fs is a reference to a filesystem location that contains credentials that must be used to obtain the web identity token.

path

requiredstring

secretRef

object

A SecretRef is a reference to a secret key that contains the credentials that must be used to obtain the web identity token.

requiredstring

requiredstring

requiredstring

requiredstring

object

WebIdentity defines the options for assuming an IAM role with a Web Identity.

roleARN

string

roleSessionName

string

tokenConfig

object

TokenConfig is the Web Identity Token config to assume the role.

object

Fs is a reference to a filesystem location that contains credentials that must be used to obtain the web identity token.

path

requiredstring

secretRef

object

A SecretRef is a reference to a secret key that contains the credentials that must be used to obtain the web identity token.

requiredstring

requiredstring

requiredstring

requiredstring

object

Endpoint is where you can override the default endpoint configuration of AWS calls made by the provider.

hostnameImmutable

boolean

partitionId

string

services

array

Specifies the list of services you want endpoint to be used for

string

string

string

string

requiredobject

URL lets you configure the endpoint URL to be used in SDK calls.

dynamic

object

Dynamic lets you configure the behavior of endpoint URL resolver.

requiredstring

requiredstring

string

requiredstring

boolean

skip_credentials_validation

boolean

skip_metadata_api_check

boolean

skip_region_validation

boolean

skip_requesting_account_id

boolean

status

object

A ProviderConfigStatus reflects the observed state of a ProviderConfig.

conditions

array

Conditions of the resource.

requiredstring

string

integer

requiredstring

requiredstring

requiredstring

integer

web-identity-with-role-chain

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: web-identity-with-role-chain
spec:
  assumeRoleChain:
    - roleARN: <roleARN-1>
    - roleARN: <roleARN-2>
  credentials:
    source: WebIdentity
    webIdentity:
      roleARN: <roleARN-for-web-identity>

webidentity-example

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: webidentity-example
spec:
  credentials:
    source: WebIdentity
    webIdentity:
      roleARN: arn:aws:iam::123456789012:role/providerexamplerole
      tokenConfig:
        secretRef:
          key: token
          name: example-web-identity-token-secret
          namespace: upbound-system
        source: Secret

upbound

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: upbound
spec:
  credentials:
    source: Upbound
    upbound:
      webIdentity:
        roleARN: <roleARN-for-provider-identity>

pod-identity

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: pod-identity
spec:
  credentials:
    source: PodIdentity

irsa-with-role-chaining

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: irsa-with-role-chaining
spec:
  assumeRoleChain:
    - roleARN: <roleARN-1>
    - roleARN: <roleARN-2>
  credentials:
    source: IRSA

default

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    secretRef:
      key: credentials
      name: example-aws-creds
      namespace: crossplane-system
    source: Secret

irsa

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: irsa
spec:
  credentials:
    source: IRSA

user-creds-with-assume-role

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: user-creds-with-assume-role
spec:
  assumeRoleChain:
    - roleARN: <roleARN>
  credentials:
    secretRef:
      key: credentials
      name: example-aws-creds
      namespace: crossplane-system
    source: Secret

web-identity

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: web-identity
spec:
  credentials:
    source: WebIdentity
    webIdentity:
      roleARN: <roleARN-for-web-identity>

Marketplace

Discover the building blocks for your internal cloud platform.

Solutions

Learn

Company

More