[RFC-0010] Add multi-tenant workload identity support for AWS Bucket #1868
+153
−116
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cappyzawa
added
area/bucket
cappyzawa
force-pushed
the
feat/bucket-workload-identity-aws
branch
4 times, most recently
from
3e0213c to
3300705
Compare
cappyzawa
commented
Aug 13, 2025
matheuscscp
reviewed
Aug 13, 2025
cappyzawa
force-pushed
the
feat/bucket-workload-identity-aws
branch
4 times, most recently
from
9fe7486 to
ef755b2
Compare
matheuscscp
reviewed
Aug 14, 2025
matheuscscp
reviewed
Aug 14, 2025
|
Let's not delete this much documentation on this PR, in the past we considered deleting all Workload Identity related documentation and just linking to the full guide and decided not to do that in that moment, we need more time to think how we will do this. Can you please reset to this commit? 3300705 This one was looking pretty good, I'd like to reboot the review starting from that one |
cappyzawa
force-pushed
the
feat/bucket-workload-identity-aws
branch
2 times, most recently
from
29b4242 to
6dd483d
Compare
matheuscscp
approved these changes
Aug 14, 2025
There was a problem hiding this comment.
@cappyzawa Thanks very much for helping ship this RFC!! ❤️
The commit 6dd483d LGTM! 🚀
I was able to test this commit for both controller-level and object-level workload identity with AWS S3 👌
Please rebase and squash after applying the following final diff:
diff --git a/docs/spec/v1/buckets.md b/docs/spec/v1/buckets.md
index 2ce2a88..03e6516 100644
--- a/docs/spec/v1/buckets.md
+++ b/docs/spec/v1/buckets.md
@@ -199,6 +199,8 @@ The Provider allows for specifying the
[Amazon AWS Region](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions)
using the [`.spec.region` field](#region).
+For detailed setup instructions, see: https://fluxcd.io/flux/integrations/aws/#for-amazon-simple-storage-service
+
##### AWS EC2 example
**Note:** On EKS you have to create an [IAM role](#aws-iam-role-example) for
Signed-off-by: cappyzawa <[email protected]>
cappyzawa
force-pushed
the
feat/bucket-workload-identity-aws
branch
from
6dd483d to
041aa6c
Compare
71 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part of: fluxcd/flux2#5022