Run Cloud Scanner on Kubernetes or with the Console
Closed this issue · 1 comments
gnmahanth commented
| Cloud Provider | IAM Role | Single Account | Org Account | Docker Compose |
|---|---|---|---|---|
| AWS | ✅ | ✅ | ✅ | need to attach required IAM roles to EC2 instance |
| GCP | ❌ | ❌ | ❌ | NA |
| Azure | ❌ | ❌ | ❌ | NA |
- ✅ - supported
- ❌ - not supported
Requirement
- Cloud scanner on AWS EKS uses IRSA for auth (Completed in #2289)
- GCP supports similar IAM roles with workload identity which can be used similar to AWS IRSA
(https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#kubernetes-sa-to-iam) - Check if Azure supports IAM roles similar to AWS IAM or GCP workload identity
- Running Cloud scanner outside IAM role requires access credentials for aws / service account credentials json for gcp / project app password for azure
- Should single instance of cloud scanner support multiple cloud providers? is it supported in current implementation?
- Separate out IAM roles creation scripts to use as standalone modules
ramanan-ravi commented
Should single instance of cloud scanner support multiple cloud providers? is it supported in current implementation?
Not supported at the moment, but we should be able to add support if required