website logo
HomeGithubSlack
⌘K
Overview
Quick Start
Supported Services
Running CloudGraph in EKS
Compliance
Rules Engine
AWS
Querying AWS Data
AWS Policy Packs
Billing Data
Services
Azure
Querying Azure Data
Azure Policy Packs
Services
GCP
Querying GCP Data
GCP Policy Packs
Services
K8s
Querying Kubernetes Data
Services
Docs powered by archbee 
21min

Running CloudGraph in EKS

To run CloudGraph in EKS you will need the following assets:

AWS Assets

  1. EKS Cluster
    1. Have an OIDC in the EKS Cluster for IRSA
    2. Use Kubernetes 1.17 or newer
  2. Encrypted s3 Bucket
    1. KMS key
    2. s3 Bucket
  3. IAM Role for CloudGraph with the following:
    1. Permissions to use the KMS key
    2. Permissions to use the s3 bucket
    3. Permissions to assume the roles in the target accounts
    4. A trust policy for the OIDC provider

Kubernetes Assets

  1. A Dockerfile for CloudGraph
  2. A Namespace for CloudGraph
  3. A ServiceAccount for CloudGraph
  4. A recurring workload
    1. Use a CronJob in Kubernetes 1.21 and newer
    2. For Kubernetes 1.20 or older use a ScheduledJob
  5. A ConfigMap for CloudGraph

Authentication model

  1. Target account - IAM Role
  2. CloudGraph account - IAM Role
  3. ServiceAccount annotation
  4. Credential injection
  5. CloudGraph configuration file

Helm Assets

  1. CloudGraph helm chart
  2. Deployment instructions

DGraph Assets

  1. DGraph helm chart
  2. Deployment instructions



Updated 20 Apr 2022
Did this page help you?
Yes
No
UP NEXT
Rules Engine
Docs powered by archbee 
Updated 20 Apr 2022
Did this page help you?
Yes
No
UP NEXT
Rules Engine
Docs powered by archbee 
TABLE OF CONTENTS
AWS Assets
Kubernetes Assets
Authentication model
Helm Assets
DGraph Assets