Adding AWS Resources to Opal Groups via AWS Tags

Amazon Web Services tags can be used to add AWS resources to one or more Opal groups.

Once the appropriate AWS tag is in place, the AWS resource is added to the Opal group when Opal syncs, either automatically or manually.

To identify the Opal group you want to add the resource to, you need its Group ID, which you can find by navigating to the group and inspecting the URL. For example, an Opal group with the URL https://app.opal.dev/groups/9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed#overview has a Group ID of 9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed.

The following syntax for AWS tagging is used for each type of resource. Each tag consists of a key and a value.

IAM Role

  • Key: opal:group
  • Value: a colon-separated list of Opal Group IDs, e.g. 9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed:4d05f3dd-e2e6-488a-8d67-aab1eccbc058

RDS Database

  • Key: opal:group:ACCESS_LEVEL (e.g. opal:group:fullaccess). ACCESS_LEVEL is the name of the database user that the Opal group should have access to. This database user must have been set up as per this guide.
  • Value: a colon-separated list of Opal Group IDs, e.g. 9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed:4d05f3dd-e2e6-488a-8d67-aab1eccbc058

EC2 Instance

  • Key: opal:group
  • Value: a colon-separated list of Opal Group IDs, e.g. 9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed:4d05f3dd-e2e6-488a-8d67-aab1eccbc058

EKS Cluster

  • Key: opal:group:ACCESS_LEVEL (e.g. opal:group:ClusterAdmin). ACCESS_LEVEL is the name of the IAM role that the Opal group should have access to. This IAM role must have been set up to map to a cluster role as per this guide.
  • Value: a colon-separated list of Opal Group IDs, e.g. 9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed:4d05f3dd-e2e6-488a-8d67-aab1eccbc058
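
A check for the tag syntax above that can be run before a sync, as an added example that is not from Opal's documentation or code: it parses one resource's tags into ACCESS_LEVEL-to-Group-ID grants and reports keys or values that do not fit the resource type. The function name and resource type labels are hypothetical, and it assumes Group IDs are lowercase UUIDs in the form shown in the URL example.

```python
import re

# Assumption: Group IDs are lowercase UUIDs, as in the URL example above.
GROUP_ID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")
# From the syntax above: True where the tag key carries an ACCESS_LEVEL.
# The resource type labels are this example's own names.
NEEDS_LEVEL = {"iam_role": False, "ec2_instance": False,
               "rds_database": True, "eks_cluster": True}
PREFIX = "opal:group"


def parse_opal_tags(resource_type, tags):
    """Return (grants, problems) for one resource's AWS tags.

    grants maps ACCESS_LEVEL (None for plain opal:group) to Group IDs.
    """
    needs_level = NEEDS_LEVEL[resource_type]
    grants, problems = {}, []
    for key, value in tags.items():
        if key == PREFIX:
            level = None
        elif key.startswith(PREFIX + ":"):
            level = key[len(PREFIX) + 1:]
        else:
            continue  # not an Opal tag
        if level == "" or needs_level != (level is not None):
            want = PREFIX + (":ACCESS_LEVEL" if needs_level else "")
            problems.append(f"{key}: {resource_type} expects key {want}")
            continue
        ids = value.split(":")
        bad = [i for i in ids if not GROUP_ID.fullmatch(i)]
        if bad:
            problems.append(f"{key}: not a Group ID: {bad}")
            continue
        grants[level] = ids
    return grants, problems


if __name__ == "__main__":
    # Constructed sample tags using the Group IDs from the examples above.
    a = "9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed"
    b = "4d05f3dd-e2e6-488a-8d67-aab1eccbc058"
    print(parse_opal_tags("iam_role", {"opal:group": f"{a}:{b}", "Name": "ci"}))
    print(parse_opal_tags("rds_database", {"opal:group:fullaccess": a}))
    print(parse_opal_tags("eks_cluster", {"opal:group": a}))
    print(parse_opal_tags("ec2_instance", {"opal:group": f"{a},{b}"}))
```

Because these tags decide which groups reach a resource, the same parsed output can be diffed against an approved list of Group IDs during access reviews.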