chore(crossplane): split providerconfigs and use a chain of AssumeRoles

2025-03-01 13:56:49 -05:00 · 2025-03-01 13:56:49 -05:00 · 76ec3d0c54
commit 76ec3d0c54
parent 861aa2cbcc
4 changed files with 42 additions and 5 deletions
--- a/bootstrap/crossplane/providerconfig.route53.yaml
+++ b/bootstrap/crossplane/providerconfig.route53.yaml
@ -0,0 +1,18 @@
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: route53
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  assumeRoleChain:
+    - roleARN: "arn:aws:iam::000654387266:role/CrossplaneServiceRole"
+    - roleARN: "arn:aws:iam::000654387266:role/Route53ManagementRole"
+
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: aws-secret
+      key: creds