chore(work): add Crossplane examples

2025-03-05 13:02:36 -05:00 · 2025-03-05 13:02:36 -05:00 · 31a9a4ce92
commit 31a9a4ce92
parent c3edbddce8
10 changed files with 375 additions and 0 deletions
--- a/bootstrap/crossplane/iam-examples/CrossplaneServiceRole.json
+++ b/bootstrap/crossplane/iam-examples/CrossplaneServiceRole.json
@ -0,0 +1,24 @@
+{
+    "Role": {
+        "Path": "/",
+        "RoleName": "CrossplaneServiceRole",
+        "AssumeRolePolicyDocument": {
+            "Version": "2012-10-17",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Principal": {
+                        "Federated": "arn:aws:iam::XXXXXXXXXXXX:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
+                    },
+                    "Action": "sts:AssumeRoleWithWebIdentity",
+                    "Condition": {
+                        "StringEquals": {
+                            "oidc.eks.us-east-1.amazonaws.com/id/YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY:sub": "system:serviceaccount:NAMESPACE:SERVICEACCOUNTNAME",
+                            "oidc.eks.us-east-1.amazonaws.com/id/YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY:aud": "sts.amazonaws.com"
+                        }
+                    }
+                }
+            ]
+        }
+    }
+}