IAM
IAM setup is only needed in environments that require either OIDC authentication for CI/CD or Maskinporten integration for applications.
Step 1: Add and configure the iam package
Update package-config.yml and enable the components you need:
StackName: "iam"
MaskinportenKeyRotation:
  Enable: false
GithubIdentityProvider:
  Enable: false
Only one per account
You can only have one GithubIdentityProvider or MaskinportenKeyRotation enabled per account. If it is already enabled in a different environment, you cannot enable it here: enabling it will cause an error when applying the stack.
Step 2: Install and apply the package
Step 3: Verify
OIDC
To verify OIDC is correctly set up:
Output should contain a provider with token.actions.githubusercontent.com in the ARN.
Maskinporten
To verify Maskinporten role is set up:
Output should contain the role dataplatform-maskinporten.
OIDC
Login to AWS console and navigate to IAM. Select Identity Providers.
List should contain the provider token.actions.githubusercontent.com.
Maskinporten
In IAM, select Roles and search for dataplatform-maskinporten.
List should contain the role dataplatform-maskinporten.
Next step
Set up application common.