|
1 | | -Redpanda automatically assigns IAM policies to the Redpanda Cloud agent when it is deployed. The permissions grant the agent access to the BYOC cluster. IAM policies |
2 | | -_do not_ grant user access to a cluster; rather, they grant the deployed Redpanda |
3 | | -agent access, so that brokers can communicate with the BYOC clusters. |
| 1 | +Redpanda automatically assigns IAM policies to the Redpanda Cloud agent when it is deployed. The permissions grant the agent access to the BYOC cluster. |
4 | 2 |
|
5 | | -See also: xref:get-started:cloud-overview.adoc#byoc-architecture[BYOC architecture] |
| 3 | +ifdef::env-aws[] |
| 4 | +[NOTE] |
| 5 | +==== |
| 6 | +* This page lists the IAM permissions Redpanda needs to create xref:get-started:cluster-types/byoc/aws/create-byoc-cluster-aws.adoc[BYOC clusters]. This _does not_ pertain to xref:get-started:cluster-types/byoc/aws/vpc-byo-aws.adoc[BYOVPC clusters]. |
| 7 | +* No IAM permissions are required for Redpanda Cloud users. IAM policies do not grant user access to a cluster; rather, they grant the deployed Redpanda agent access, so that brokers can communicate with the BYOC clusters. |
| 8 | +==== |
6 | 9 |
|
7 | | -NOTE: This page lists the IAM permissions Redpanda needs to create a BYOC cluster. No IAM permissions are required for Redpanda Cloud users. |
8 | | - |
9 | | -ifdef::env-aws[] |
10 | 10 | == AWS IAM policies |
11 | 11 |
|
12 | 12 | IAM policies are assigned to deployed Redpanda agents for BYOC AWS |
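Review bot: The removed "See also" xref to `get-started:cloud-overview.adoc#byoc-architecture` has no replacement anywhere in the added lines of this hunk, so readers lose the only link from this permissions page to the architecture overview. If that was not intentional, keep it after the new NOTE block. Also, `ifdef::env-aws[]` now sits above the NOTE, so the scope statement (agent access, not user access; BYOC, not BYOVPC) only renders when one of the env attributes is set. A build with none of them set would show just the one-line intro, so confirm that case cannot occur or leave one unconditional sentence with the "IAM policies do not grant user access" point.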
@@ -504,6 +504,12 @@ statement { |
504 | 504 | endif::[] |
505 | 505 |
|
506 | 506 | ifdef::env-gcp[] |
| 507 | +[NOTE] |
| 508 | +==== |
| 509 | +* This page lists the IAM permissions Redpanda needs to create xref:get-started:cluster-types/byoc/gcp/create-byoc-cluster-gcp.adoc[BYOC clusters]. This _does not_ pertain to xref:get-started:cluster-types/byoc/gcp/vpc-byo-gcp.adoc[BYOVPC clusters]. |
| 510 | +* No IAM permissions are required for Redpanda Cloud users. IAM policies do not grant user access to a cluster; rather, they grant the deployed Redpanda agent access, so that brokers can communicate with the BYOC clusters. |
| 511 | +==== |
| 512 | + |
507 | 513 | == GCP IAM policies |
508 | 514 |
|
509 | 515 | The Redpanda agent service account for GCP is granted the following roles/permissions to manage |
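Review bot: The NOTE added after `ifdef::env-gcp[]` is a word-for-word copy of the AWS one with only the two xref targets changed, and the same text appears a third time for Azure. Three hand-maintained copies of a statement about who the IAM policies do and do not grant access to will drift. Consider moving the two bullets into a shared partial or attribute and passing the create-cluster and BYOVPC xref targets per environment. Minor wording: "This _does not_ pertain to" has no clear antecedent after a sentence ending in a link; "This page does not apply to" reads more directly.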
@@ -748,6 +754,12 @@ endif::[] |
748 | 754 |
|
749 | 755 |
|
750 | 756 | ifdef::env-azure[] |
| 757 | +[NOTE] |
| 758 | +==== |
| 759 | +* This page lists the IAM permissions Redpanda needs to create xref:get-started:cluster-types/byoc/azure/create-byoc-cluster-azure.adoc[BYOC clusters]. This _does not_ pertain to xref:get-started:cluster-types/byoc/azure/vnet-azure.adoc[BYOVPC clusters]. |
| 760 | +* No IAM permissions are required for Redpanda Cloud users. IAM policies do not grant user access to a cluster; rather, they grant the deployed Redpanda agent access, so that brokers can communicate with the BYOC clusters. |
| 761 | +==== |
| 762 | + |
751 | 763 | Azure RBAC (role-based access control) is scoped to resource groups. For example: |
752 | 764 |
|
753 | 765 | ``` |
|
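Review bot: In the first bullet of the Azure NOTE the link text says "BYOVPC clusters" but the target is `azure/vnet-azure.adoc`, whose file name points to VNet rather than VPC. Use link text that matches the term the target page uses, so a reader deciding which permission set applies to their deployment is not sent looking for a VPC concept on Azure. Separately, unlike the AWS and GCP blocks, the context lines here show no `==` heading between the NOTE and "Azure RBAC (role-based access control) is scoped to resource groups", so the NOTE runs straight into the body text. Check the rendered output, and add a heading if the section is meant to parallel the other two.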