How to add AWS IAM Role to snapblocs

When deploying a snapblocs stack, snapblocs provisions the stack within the customer's AWS account. The stack is integrated with Amazon EKS for Kubernetes clusters using AWS EC2 instances and other AWS resources. snapblocs manages the lifecycle of the nodes on EC2 and of other AWS services such as ELB and EBS to create a fully production-ready Kubernetes cluster that can auto-scale based on workload requirements.

snapblocs requires access to the customer's cloud provider environment for deploying stacks, collecting statistics for stacks, etc.
The IAM role data is encrypted and stored in the secured AWS Systems Manager Parameter Store to protect it from unauthorized access. It is not stored within the snapblocs SaaS application or infrastructure.
Using an IAM role is an AWS-recommended practice and is more secure than using IAM keys for accessing AWS resources.

Create the IAM role first (see "How to Create AWS IAM Role"). To create an IAM role, copy two values from the AWS access UI:
  • snapblocs AWS account ID
  • External ID
An authorized user can add an IAM role that is shared among the account's users for managing stacks (creating, deploying, etc.).
An IAM role can be added to either an account or a project.
An IAM role created at the account level is available for use by all projects and their stacks. In essence, they are shared credentials for all projects. An IAM role created at the project level can only be used by stacks within that project.
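
The snapblocs AWS account ID and External ID copied when creating the role are the two values a cross-account role's trust policy is normally scoped to. The following Python check is an added example, not snapblocs code: it assumes the role uses the standard AWS cross-account pattern (an `sts:AssumeRole` statement with an `sts:ExternalId` condition), and the account ID, External ID and sample policies in it are constructed placeholders.

```python
import json

# Constructed placeholders; substitute the values shown in the AWS access UI.
ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id"

def _as_list(value):
    """Policy fields may hold either a single value or a list."""
    return value if isinstance(value, list) else [value]

def _principal_account(principal):
    """Return the account a principal belongs to, or None for '*' and other values."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:aws:iam::") and len(parts) > 5 else None

def audit_trust_policy(policy_json, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it is scoped as expected."""
    findings, checked = [], 0
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        trusted = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not trusted:
            continue  # statement trusts only non-AWS principals (e.g. a service)
        checked += 1
        for p in trusted:
            if _principal_account(p) != account_id:
                findings.append(f"statement {i}: trusts unexpected principal {p}")
        # Exact-case lookup for brevity; IAM treats condition keys case-insensitively.
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(ext) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId does not match")
    return findings if checked else ["no statement lets an AWS principal assume the role"]

GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]})
BAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]})

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, audit_trust_policy(doc, ACCOUNT_ID, EXTERNAL_ID) or "OK")
```

Run it against the trust policy document of the role before entering the Role ARN in snapblocs; any finding means the role can be assumed more broadly than intended.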
 
To add an IAM Role to a snapblocs Account:
  1. From the left nav, go to “Settings,” then select the “Provider Access” tab.
  2. Click "+Add new".
  3. Select "AWS" for the cloud provider, then select “Next.”
  4. For AWS access type, select "IAM Role."
  5. For “Name,” enter a unique access name.
  6. Enter the “Role ARN” generated for snapblocs.
  7. (Optionally) Click "Test credentials with provider" to validate the IAM Role.
  8. Select “Save.”
To add an IAM Role to a project:
Any members of your account can use the IAM Role. 
  1. From the left nav, go to “Projects."
  2. Select the project.
  3. Click "Provider Access".
  4. Click "+Add new".
  5. For AWS access type, select "IAM Role."
  6. For “Name,” enter a unique access name.
  7. Enter the “Role ARN” generated for snapblocs.
  8. (Optionally) Click "Test credentials with provider" to validate the IAM Role.
  9. Select “Save.”
AWS Resources granted to snapblocs for access
The provided IAM role will be utilized for creating, deleting, and updating the following AWS resources.
  • EKS
  • Security Group / Security Group Rule (for cluster connectivity)
  • ELB (for HA Kubernetes API)
  • Auto Scaling Groups (for creation of ASGs for master and worker nodes)
  • EC2 instances / LaunchConfiguration
  • IAM roles and Instance Profiles
