AWS

AWS connections enable integration with Amazon Web Services for health checks, configuration scraping, and playbook automation.

Used By

AWS Config Scraper - Scrape AWS resource configurations
CloudWatch Health Check - Monitor CloudWatch metrics
S3 Folder Check - Check S3 bucket contents
Playbook Actions - Execute AWS-related automation

Field	Description	Scheme
`accessKey`	Access Key ID	EnvVar
`connection`	The connection url to use, mutually exclusive with `accessKey` and `secretKey`	Connection
`endpoint`	Custom AWS Endpoint to use	`string`
`region`	The AWS region	`string`
`secretKey`	Secret Access Key	EnvVar
`skipTLSVerify`	Skip TLS verify when connecting to AWS	`boolean`

Authentication Methods

1AWS Instance or Pod Identity

Use the AWS Instance Profile or Pod Identity. This is the default when no connection or accessKey is specified and the recommended approach for workloads running on AWS infrastructure.

2Connection Reference

Reference a shared Connection for reusable credentials:

using-connection-reference.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: cloudwatch-check
spec:
  interval: 30
  cloudwatch:
    - connection: connection://aws/production
      region: us-east-1

3Inline Credentials

Specify credentials directly using Kubernetes secrets:

inline-credentials.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: cloudwatch-check
spec:
  interval: 30
  cloudwatch:
    - accessKey:
        valueFrom:
          secretKeyRef:
            name: aws-credentials
            key: AWS_ACCESS_KEY_ID
      secretKey:
        valueFrom:
          secretKeyRef:
            name: aws-credentials
            key: AWS_SECRET_ACCESS_KEY
      region: us-east-1

Examples

Connection Resource

Create a reusable AWS connection:

aws-connection.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Connection
metadata:
  name: aws-production
  namespace: default
spec:
  aws:
    region: us-east-1
    accessKey:
      valueFrom:
        secretKeyRef:
          name: aws-credentials
          key: AWS_ACCESS_KEY_ID
    secretKey:
      valueFrom:
        secretKeyRef:
          name: aws-credentials
          key: AWS_SECRET_ACCESS_KEY

Cross-Account Access with AssumeRole

Access resources in another AWS account:

aws-assume-role.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Connection
metadata:
  name: aws-cross-account
spec:
  aws:
    region: us-east-1
    accessKey:
      valueFrom:
        secretKeyRef:
          name: aws-credentials
          key: AWS_ACCESS_KEY_ID
    secretKey:
      valueFrom:
        secretKeyRef:
          name: aws-credentials
          key: AWS_SECRET_ACCESS_KEY
    assumeRole: arn:aws:iam::123456789012:role/CrossAccountAccess

Used By​

Authentication Methods​

Examples​

Used By

Authentication Methods

Examples