Orbit Environment Administrators should follow these steps to allow users to access their namespace from their local development machines.
1. Go to your IAM console -> Roles.
2. Search for the team role. The team role is the role name that you can find in the team's notebook under the Team Side panel plugin, security category, property 'EksPodRoleArn', for example: "arn:aws:iam::495869084367:role/orbit-dev-env-lake-user-role".
3. Trust relationships -> Edit trust relationship.
4. Add the users' IAM role/user to the trust relationship. Example:
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "<YOUR_ROLE_ARN>"
      },
      "Action": "sts:AssumeRole"
    },
Sample policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": "eks:DescribeCluster",
          "Resource": "<Your Orbit EKS Cluster ARN>"
        }
      ]
    }
The Orbit EKS Cluster ARN can be found in the EKS Console under the Configuration tab / Details: Cluster ARN.
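
The trust relationship edit in the steps above can also be prepared as a reviewed JSON change instead of a hand edit. The following is an added example, not Orbit's own code: it merges the AssumeRole statement into an existing trust policy document, skips the change if the principal is already trusted, and refuses "*" or an account root ARN so that only one named role or user is added. The function names, the sample trust policy, the account ID 111122223333 and the role name are constructed for illustration.

```python
import copy
import re

# Accept only one specific IAM role or user; "*" and account root are too broad here.
_PRINCIPAL_RE = re.compile(r"^arn:aws:iam::\d{12}:(role|user)/[\w+=,.@/-]+$")


def trusted_aws_principals(trust_policy):
    """Return the AWS principals already allowed to call sts:AssumeRole."""
    found = set()
    for stmt in trust_policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):  # Principal may also be the bare string "*"
            aws = principal.get("AWS", [])
            found.update([aws] if isinstance(aws, str) else aws)
    return found


def add_trusted_principal(trust_policy, principal_arn):
    """Return a copy of trust_policy that also trusts principal_arn (idempotent)."""
    if not _PRINCIPAL_RE.match(principal_arn):
        raise ValueError(f"refusing non-specific principal: {principal_arn!r}")
    updated = copy.deepcopy(trust_policy)  # never mutate the caller's document
    if principal_arn not in trusted_aws_principals(updated):
        updated.setdefault("Statement", []).append({
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
        })
    return updated


# Constructed sample: an existing team-role trust policy with placeholder values.
SAMPLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/<OIDC_PROVIDER>"},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}
SAMPLE_USER_ROLE = "arn:aws:iam::111122223333:role/example-developer-role"  # constructed

if __name__ == "__main__":
    import json
    print(json.dumps(add_trusted_principal(SAMPLE_TRUST, SAMPLE_USER_ROLE), indent=2))
```

The printed document is what would be pasted into Edit trust relationship; trusted_aws_principals can be run on the current policy first to review who is already trusted.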