IAM
IAM setup is only needed for environments that require OIDC authentication for CI/CD or that host applications with a Maskinporten integration.
Step 1: Create a new configuration file
Create a new configuration file for IAM and enable the components you need:
StackName: "iam"
MaskinportenKeyRotation:
  Enable: false
GithubIdentityProvider:
  Enable: false
Only one per account
You can only have one GithubIdentityProvider or MaskinportenKeyRotation enabled per account. If you have already enabled one of them in a different environment, you cannot enable it here as well; if you do, you will encounter an error when applying the stack.
Step 2: Add and install the iam package
Run the following command in the repo-iac/environments/dev/ directory:
This will add the package you want to install to packages.yml. If you want to know more about how this works, read the reference documentation for packages.yml.
Then, run the following command to install the package:
Step 3: Initialize and apply the iam stack
Step 4: Verify
OIDC
To verify that OIDC is correctly set up, run the following command:
The output list should contain a provider with token.actions.githubusercontent.com as part of the ARN.
Maskinporten
To verify that a correct Maskinporten role is set up, run the following command:
The output list should contain a role named dataplatform-maskinporten.
OIDC
To verify that OIDC is correctly set up, login to the AWS console and navigate to IAM. Select Identity Providers in the left-hand menu.
The list should contain a provider called token.actions.githubusercontent.com.
Maskinporten
To verify that a correct Maskinporten role is set up, log in to the AWS console and navigate to IAM. Select Roles in the left-hand menu and search for dataplatform-maskinporten.
The list should contain a role named dataplatform-maskinporten.
Commit your files
At this stage it is a good idea to commit your files.
Next step
Set up application common.