Document AWS template resource names support

otterize · Apr 4, 2024 · 6875232 · 6875232
1 parent 350af9c
commit 6875232
Showing 1 changed file with 20 additions and 2 deletions.
diff --git a/docs/features/aws-iam/reference.mdx b/docs/features/aws-iam/reference.mdx
@@ -22,13 +22,31 @@ spec:
       awsActions:
         - "s3:PutObject"
         - "s3:GetObject"
-      # Multiple call definitions can be defined for a single service.
-	- name: arn:aws:s3:::read-only-bucket-*/*
+    # Multiple call definitions can be defined for a single service.
+    - name: arn:aws:s3:::read-only-bucket-*/*
       type: aws
       awsActions:
         - "s3:GetObject"
 ```
 
+AWS intents support templating resource names by AWS region & account ID.
+The templates `$(AWS_REGION)` & `$(AWS_ACCOUNT_ID)` in AWS resource ARNs will be automatically replaced with the EKS cluster's region & account ID:
+
+```yaml
+apiVersion: k8s.otterize.com/v1alpha3
+kind: ClientIntents
+metadata:
+  name: client
+spec:
+  service:
+    name: client
+  calls:
+    - name: arn:aws:sqs:$(AWS_REGION):$(AWS_ACCOUNT_ID):queue1
+      type: aws
+      awsActions:
+        - "sqs:*"
+```
+
 ### Annotations
 
 | Key                                                        | Description                                                                                                                                                                                  | Default  |