Adding AWS Resources to Opal Groups via AWS Tags
Amazon Web Services tags can be used to add AWS resources to one or more Opal groups.
After adding the appropriate AWS tag, the AWS resource will be added to the Opal group, via automatic or manual syncing.
To identify the Opal group you want to add, you will need its Group ID: this can be found by navigating to the group of interest and inspecting the URL. For example, an Opal group with the URL https://app.opal.dev/groups/9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed#overview
has a Group ID of 9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed
.
The following syntax for AWS tagging is used for each type of resource. Each tag consists of a key and a value.
IAM Role
- Key:
opal:group
- Value: a colon-separated list of Opal Group IDs, e.g.
9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed:4d05f3dd-e2e6-488a-8d67-aab1eccbc058
RDS Database
- Key:
opal:group:ACCESS_LEVEL
(e.gopal:group:fullaccess
).ACCESS_LEVEL
is the name of the database user that the Opal group should have access to. This database user must have been set up as per this guide. - Value: a colon-separated list of Opal Group IDs, e.g.
9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed:4d05f3dd-e2e6-488a-8d67-aab1eccbc058
EC2 Instance
- Key:
opal:group
- Value: a colon-separated list of Opal Group IDs, e.g.
9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed:4d05f3dd-e2e6-488a-8d67-aab1eccbc058
EKS Cluster
- Key:
opal:group:ACCESS_LEVEL
(e.g.opal:group:ClusterAdmin
).ACCESS_LEVEL
is the name of the IAM role that the Opal group should have access to. This IAM role must have been set up to map to a cluster role as per this guide. - Value: a colon-separated list of Opal Group IDs, e.g.
9a8ecbac-ccc9-47a1-9d0d-1325e8db60ed:4d05f3dd-e2e6-488a-8d67-aab1eccbc058
Updated over 2 years ago