Uploaded image for project: 'Hybrid Cloud Console'
  1. Hybrid Cloud Console
  2. RHCLOUD-25937

AWS External ID support for Cost Management

XMLWordPrintable

    • 5
    • False
    • Hide

      None

      Show
      None
    • False
    • Unset
    • None
    • Plat-Ex Sprint 67, Plat-Ex Sprint 68, Plat-Ex Sprint 69

      Summary

      AWS now supports and suggests as best practice the use of an External ID when creating IAM roles with cross-account access. The cost management AWS source flow has a user create such a role. We are requesting that the wizard flow for creating a cost management AWS source be updated to generate a per-customer randomized string that the customer can use to populate the external ID in AWS when creating the role. Sources would then pass along that external ID (in addition to the role ARN passed today) in a message to cost management upon source creation.

      Business Impacts

      This is required for a Hybrid Committed Spend customer. It's a new way AWS provides for customers to add more security so it is expected to be used more in the future. We would love to have this sooner rather than later. The sizing is not expected to be huge.

      Impacts

      • Sources UI
      • Cost Management Team
      • Other consumers of AWS sources

      Requires

      • Updates to the Sources UI
      • Updates to the Sources API/Messages

      UX Mocks: https://www.sketch.com/s/13021cc9-c842-4a6e-9e61-240f17a2b59a/a/qbK2aye

      cc: kriedese, clevy@redhat.com

              fhlavac Filip Hlavac
              kholdawa@redhat.com Kevan Holdaway
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated:
                Resolved: