In order to control Flyte’s access to AWS resources, the following roles have to be created:
This role will be used by the Kubernetes control plane to handle its internal communication and also to manage features like autoscaling.
- From the AWS Management console, go to IAM
- Go to Access Management > Roles > Create role
- Leave the default Trusted entity type (AWS Service)
- From the Use case dropdown, find and select EKS, then EKS-Cluster
- Ensure that AmazonEKSClusterPolicy is selected
- Select Create the role without a permissions boundary. Setting proper permission restrictions is advisable, and it should be done in accordance with your organization’s security policies. Check the EKS Best Practices Guide for further reference.
- Give the role an informative name and hit Create role
Learn more about the EKS cluster role
This role will be used by the Kubernetes worker nodes where the actual workloads will run.
- From the AWS Management console, go to IAM
- Go to Access Management > Roles > Create role
- Leave the default Trusted entity type (AWS Service)
- Select EC2 as Use case
- Choose the following policies:
  - AmazonEKSWorkerNodePolicy
  - AmazonEC2ContainerRegistryReadOnly
  - AmazonEKS_CNI_Policy
- Select Create the role without a permissions boundary. Setting proper permission restrictions is advisable, and it should be done in accordance with your organization’s security policies. Check the EKS Best Practices Guide for further reference.
- Give the role an informative name and hit Create role
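The same two roles (cluster role and node role) created with the AWS CLI instead of the console, as an added example that is not part of the Flyte documentation. It assumes a configured AWS CLI with IAM permissions; the role names and the optional PERMISSIONS_BOUNDARY_ARN variable are placeholders chosen for this example.

```shell
# Added example (not from the Flyte docs): create the two EKS roles above with the AWS CLI.
# Assumes a configured AWS CLI with IAM permissions. DRY_RUN=1 (default) only prints the
# commands that would run; set DRY_RUN=0 to execute them. The role names and the optional
# PERMISSIONS_BOUNDARY_ARN variable are placeholders chosen for this example.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "aws $*"; else aws "$@"; fi
}

# Trust policy that lets exactly one AWS service principal assume the role.
trust_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"%s"},"Action":"sts:AssumeRole"}]}' "$1"
}

# create_role NAME SERVICE_PRINCIPAL MANAGED_POLICY_NAME...
# If PERMISSIONS_BOUNDARY_ARN is set, the role is created with that boundary
# instead of "without a permissions boundary" as in the console walkthrough.
create_role() {
  name="$1"; principal="$2"; shift 2
  if [ -n "${PERMISSIONS_BOUNDARY_ARN:-}" ]; then
    run iam create-role --role-name "$name" \
      --assume-role-policy-document "$(trust_policy "$principal")" \
      --permissions-boundary "$PERMISSIONS_BOUNDARY_ARN"
  else
    run iam create-role --role-name "$name" \
      --assume-role-policy-document "$(trust_policy "$principal")"
  fi
  for policy in "$@"; do
    run iam attach-role-policy --role-name "$name" \
      --policy-arn "arn:aws:iam::aws:policy/$policy"
  done
}

# Cluster role: assumed by the EKS control plane (eks.amazonaws.com).
create_cluster_role() {
  create_role "${1:-flyte-eks-cluster-role}" eks.amazonaws.com AmazonEKSClusterPolicy
}

# Node role: assumed by the EC2 worker nodes (ec2.amazonaws.com).
create_node_role() {
  create_role "${1:-flyte-eks-node-role}" ec2.amazonaws.com \
    AmazonEKSWorkerNodePolicy AmazonEC2ContainerRegistryReadOnly AmazonEKS_CNI_Policy
}

create_cluster_role
create_node_role
```

Run once with the default DRY_RUN=1 to review the exact commands and trust policies before re-running with DRY_RUN=0.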