⌘
K
Home
Github
Slack
Overview
Quick Start
Supported Services
Running CloudGraph in EKS
Compliance
Rules Engine
AWS
Querying AWS Data
AWS Policy Packs
Billing Data
Services
Azure
Querying Azure Data
Azure Policy Packs
Services
GCP
Querying GCP Data
GCP Policy Packs
Services
K8s
Querying Kubernetes Data
Services
Documentation powered by
archbee
21min
Running CloudGraph in EKS
To run CloudGraph in EKS you will need the following assets:
AWS Assets
EKS Cluster
Have an OIDC in the EKS Cluster for IRSA
Use Kubernetes 1.17 or newer
Encrypted s3 Bucket
KMS key
s3 Bucket
IAM Role for CloudGraph with the following:
Permissions to use the KMS key
Permissions to use the s3 bucket
Permissions to assume the roles in the target accounts
A trust policy for the OIDC provider
Kubernetes Assets
A Dockerfile for CloudGraph
A Namespace for CloudGraph
A ServiceAccount for CloudGraph
A recurring workload
Use a CronJob in Kubernetes 1.21 and newer
For Kubernetes 1.20 or older use a ScheduledJob
A ConfigMap for CloudGraph
Authentication model
Target account - IAM Role
CloudGraph account - IAM Role
ServiceAccount annotation
Credential injection
CloudGraph configuration file
Helm Assets
CloudGraph helm chart
Deployment instructions
DGraph Assets
DGraph helm chart
Deployment instructions
|
Updated 20 Apr 2022
Did this page help?
Yes
No
UP NEXT
Rules Engine
Documentation powered by
archbee
|
Updated 20 Apr 2022
Did this page help?
Yes
No
UP NEXT
Rules Engine
Documentation powered by
archbee