From 68752323be46276efbc42af994e4765ec665b17c Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Thu, 4 Apr 2024 14:45:48 +0300 Subject: [PATCH] Document AWS template resource names support --- docs/features/aws-iam/reference.mdx | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/features/aws-iam/reference.mdx b/docs/features/aws-iam/reference.mdx index f3141ad79..f4cb71d39 100644 --- a/docs/features/aws-iam/reference.mdx +++ b/docs/features/aws-iam/reference.mdx @@ -22,13 +22,31 @@ spec: awsActions: - "s3:PutObject" - "s3:GetObject" - # Multiple call definitions can be defined for a single service. - - name: arn:aws:s3:::read-only-bucket-*/* + # Multiple call definitions can be defined for a single service. + - name: arn:aws:s3:::read-only-bucket-*/* type: aws awsActions: - "s3:GetObject" ``` +AWS intents support templating resource names by AWS region & account ID. +The templates `$(AWS_REGION)` & `$(AWS_ACCOUNT_ID)` in AWS resource ARNs will be automatically replaced with the EKS cluster's region & account ID: + +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client +spec: + service: + name: client + calls: + - name: arn:aws:sqs:$(AWS_REGION):$(AWS_ACCOUNT_ID):queue1 + type: aws + awsActions: + - "sqs:*" +``` + ### Annotations | Key | Description | Default |