Skip to content

Container that can be started in KOPs cluster in AWS to Unblock Acct ACL For state and oidc s3 Access

License

Notifications You must be signed in to change notification settings

abeowlu/kops-s3-ACL

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

KOPs-S3-ACL

Quick fix for a painpoint where secure S3 public access block configurstion is overriden for all bucket acl by organizational policy.

And KOPs cluster on AWS requirement to save cluster state and oidc in S3 bucket needs this public ACL access.

This program checks AWS account s3 ACL configuration and enables public ACL config to allow KOPs to access s3 buckets.


Build and test

Clone this repo

git clone https://github.com/AbeOwlu/kops-s3-ACL.git

Application code (main.cpp) can be reviewed, modified, built and tested locally;

cd src/ #open main.cpp in editor
mkdir ../build && cd build && cmake ../src --build . --config=Debug

A ready container image that can be deployed as a runtime container (batch/job) on a kops cluster is available here public.ecr.aws/f6q5p7u8/kops-s3-acl:latest, for linux/amd64. Docker image for other architectures can be built using the dockerfile available in this repo;

docker build --target build-app  --platform <linux/amd64> -t <"$IMAGE_TAG"> .

An example deployment is avalailable in the exampe usage folder. The block ACL change is run every 1.5 hours as a cron job.

About

Container that can be started in KOPs cluster in AWS to Unblock Acct ACL For state and oidc s3 Access

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published