From bab3d5b27abd165dca4454aaa438c81720737b2b Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 20 Dec 2024 10:58:29 -0600 Subject: [PATCH 1/2] docs update for aws compute scanner --- apps/docs/pages/integrations/_meta.ts | 1 + .../integrations/aws/compute-scanner.mdx | 60 +++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 apps/docs/pages/integrations/aws/compute-scanner.mdx diff --git a/apps/docs/pages/integrations/_meta.ts b/apps/docs/pages/integrations/_meta.ts index 639d022a6..5c5ebce0e 100644 --- a/apps/docs/pages/integrations/_meta.ts +++ b/apps/docs/pages/integrations/_meta.ts @@ -1,6 +1,7 @@ export default { github: "GitHub", "google-cloud": "Google Cloud", + aws: "AWS", kubernetes: "Kubernetes", "terraform-cloud": "Terraform Cloud", api: "API", diff --git a/apps/docs/pages/integrations/aws/compute-scanner.mdx b/apps/docs/pages/integrations/aws/compute-scanner.mdx new file mode 100644 index 000000000..55fc08f60 --- /dev/null +++ b/apps/docs/pages/integrations/aws/compute-scanner.mdx @@ -0,0 +1,60 @@ +# Compute Scanner + +The AWS Compute Scanner is a tool that scans AWS accounts for new instances and +creates resources for them automatically. + +Currently, the AWS compute scanner supports importing the following resources: + +- Amazon Elastic Kubernetes Service Clusters (EKS) + +## Managed AWS Compute Scanner + +The managed AWS Compute Scanner is built into the Ctrlplane solution. Each +workspace will be assigned an AWS IAM role when the managed provider is enabled. +You must provide this IAM role with the required permissions to access the +resources in the AWS accounts that you want it to scan. + +After the integration is enabeld, you can add a new provider, select the Managed +Provider, and add all the roles you would like it to assume to scan the +resources available to those roles. Once you hit submit, you may need to wait a +few minutes while it scans and imports all compute resources. + +## Role Requirements + +The Managed AWS Compute Scanner role can be gotten from the provider settings +under `AWS Role` or from the workspace settings integration page after being +enabled. + +The role that you want assumed in your account must have the following +permissions policy: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": ["eks:*", "ec2:*"], + "Resource": "*" + } + ] +} +``` + +The role also requires a trust policy that allows the +`arn:aws:iam:::role/ctrlplane-` role to assume it. + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam:::role/ctrlplane-" + }, + "Action": "sts:AssumeRole" + } + ] +} +``` From 4c3e6a47ace46e355c01de084f8790ebce7d2f50 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 20 Dec 2024 11:07:17 -0600 Subject: [PATCH 2/2] fix typo --- apps/docs/pages/integrations/aws/compute-scanner.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/docs/pages/integrations/aws/compute-scanner.mdx b/apps/docs/pages/integrations/aws/compute-scanner.mdx index 55fc08f60..c326ca66e 100644 --- a/apps/docs/pages/integrations/aws/compute-scanner.mdx +++ b/apps/docs/pages/integrations/aws/compute-scanner.mdx @@ -14,7 +14,7 @@ workspace will be assigned an AWS IAM role when the managed provider is enabled. You must provide this IAM role with the required permissions to access the resources in the AWS accounts that you want it to scan. -After the integration is enabeld, you can add a new provider, select the Managed +After the integration is enabled, you can add a new provider, select the Managed Provider, and add all the roles you would like it to assume to scan the resources available to those roles. Once you hit submit, you may need to wait a few minutes while it scans and imports all compute resources.