Merged
Changes from 3 commits
@@ -0,0 +1,39 @@
---
meta:
title: Auto-generated IAM resources
description: This page explains how and why Scaleway auto-generates some IAM resources.
content:
h1: Auto-generated IAM resources
paragraph: This page explains how and why Scaleway auto-generates some IAM resources.
tags: iam
dates:
validation: 2025-01-16
categories:
- iam
---

Sometimes Scaleway might automatically generate IAM resources, such as applications, groups and policies.

This allows policies to be set up with specific product resources as principals. These policies are created by Scaleway and can be managed by users to ensure more the access management of resource permissions.

Any time Scaleway automatically creates or deletes an IAM resource, you will see it on your IAM logs.

<Lightbox src="scaleway-iam-logs-k8s-example.webp" alt="Image showing IAM logs in the Scaleway console. The first two lines show a policy and group that were automatically created for a Kubernetes Kapsule cluster, respectively. The third and fourth line show a group and a policy that were deleted. In all cases, the logs indicate that the actions were performed by Scaleway." />

## Kubernetes Kapsule

Currently, auto-generated IAM resources only occur in Kubernetes Kapsule when a cluster is created.

Whenever a cluster is created, automatically so are:
- An IAM group containing all the nodes in the cluster as IAM applications
<Message type="note">
The node IAM applications are not visible to users.
</Message>
- An IAM policy with default permission sets and the cluster group as a principal

The default policy can be edited by users to grant the cluster group permission according to their use-cases.





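Review bot: The Kubernetes Kapsule section says the auto-created policy carries "default permission sets" but never names them, and it covers only cluster creation although the Lightbox alt text also shows a group and a policy being deleted. Since users are invited to edit this policy, please list the default permission sets (or link to where they are documented) and state what happens to the group and policy when the cluster is deleted. Wording in the same hunk: "to ensure more the access management of resource permissions" does not parse, "on your IAM logs" should read "in your IAM logs", and "Whenever a cluster is created, automatically so are:" would read better as "Whenever a cluster is created, the following are created automatically:". The `<Message type="note">` block sits unindented between the two list items, which is likely to split the list when rendered, so indent it under the first item or move it after the list. The file also ends with five blank lines that can be dropped.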
4 changes: 4 additions & 0 deletions menu/navigation.json
@@ -410,6 +410,10 @@
{
"label": "Reproducing roles and Project-scoped API keys with IAM",
"slug": "reproduce-roles-project-api-keys"
},
{
"label": "Auto-generated IAM resources",
"slug": "auto-generated-iam-resources"
}
],
"label": "Additional Content",
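Review bot: The `"slug": "auto-generated-iam-resources"` value in the added entry has to match the file name of the new page, and the path of that new file is not shown in this view, so please confirm the two agree before merging, otherwise the menu link will not resolve. The entry is appended as the last item of "Additional Content"; if that menu is meant to follow a particular order, check that this position is intended.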