Giter VIP home page Giter VIP logo

aws-cfn-confluentcloud-iam-serviceaccount's Introduction

ConfluentCloud::IAM::ServiceAccount

Allows to create a new Service Account into an organization in Confluent Cloud via API.

See the docs for properties

Install

Requirements

You need

  • An account on Confluent Cloud Platform
  • Have a Confluent Cloud API Key
  • AWS Account, and for the following installation steps, aws cli

Confluent API Key

# Optionally create an API key via the CLI
confluent api-key create --resource cloud -o json

export API_KEY=<API KEY RETURNED>
export API_SECRET=<API SECRET RETURNED>

Create a secret in AWS Secrets Manager with the API key

aws cloudformation deploy --stack-name confluent-cloud-api-credentials --template confluent-secrets.template \
  --parameter-overrides ConfluentApiKey=${API_KEY} ConfluentSecretKey=${API_SECRET}

Save the secret ARN into a variable

export SECRET_ARN=`aws cloudformation describe-stack-resources --stack-name confluent-cloud-api-credentials --logical-resource-id ConfluentSecret | jq -r .StackResources[0].PhysicalResourceId`

Activate the 3rd party CloudFormation resource

Option 1 - IAM and Resource together

Using the activate.template we create IAM roles and enable the resource in the account, all at once.

aws cloudformation deploy --stack cfn-resource--confluentcloud-iam-serviceaccount --template activate.template \
  --capabilities CAPABILITY_IAM

This option offers the "extra security" to have a different IAM Execution role for that resource than others.

Option 2 - IAM first, resource separate

Most recommended if you consider enabling multiple ConfluentCloud:: resources published

We are going to use cfn-resources-iam-roles.template template to create the Execution and LoggingRole first, then use these in the activate.template as parameters.

aws cloudformation deploy --stack-name iam--cfn--confluentcloud-resources --template cfn-resources-iam-roles.template \
  --capabilities CAPABILITY_IAM

Export the IAM Roles to env vars

EXEC_ROLE_ARN=`aws cloudformation describe-stacks --stack-name iam--cfn--confluentcloud-resources | jq -r '.Stacks[0].Outputs[] |  select(.OutputKey=="ExecutionRoleArn")' | jq -r .OutputValue`
LOGGING_ROLE_ARN=`aws cloudformation describe-stacks --stack-name iam--cfn--confluentcloud-resources | jq -r '.Stacks[0].Outputs[] |  select(.OutputKey=="CloudWatchRoleArn")' | jq -r .OutputValue`

Now, we activate the resource using these IAM Roles

aws cloudformation deploy --stack cfn-resource--confluentcloud-iam-serviceaccount --template activate.template \
  --capabilities CAPABILITY_IAM \
  --parameter-overrides ExecutionRoleArn=${EXEC_ROLE_ARN} LoggingRoleArn=${LOGGING_ROLE_ARN}

Create a new Service account

aws cloudformation deploy --stack-name my-first-service-account --template resource-test.template \
  --parameter-overrides ConfluentCloudApiSecrets=${SECRET_ARN} ServiceAccountName=cfn-test-service-account

Troubleshooting

If you are getting errors with the resource, you can see in the logs what issues occurred that lead to this issue. With the template activate.template, you can see that there is a CloudWatch log group that will be logging the code execution and so you can open an issue on GitHub

If at any point in the logging you'd notice information that is not supposed to be there, please notify it immediately. With that said, as the "vendor" of that resource, we will never have access to these logs or anything in your account.

aws-cfn-confluentcloud-iam-serviceaccount's People

Contributors

johnpreston avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.