Add IAMAuthPolicy doc #492

zijun726911 · 2023-11-10T21:33:41Z

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

mikhail-aws · 2023-11-10T23:31:51Z

docs/reference/iam-auth-policy.md

+VPC Lattice auth policies are IAM policy documents that you attach to service networks or services to control whether a specified principal has access to a group of services or specific service (AuthZ). 
+By attaching Kubernetes IAMAuthPolicy CRD to the k8s gateway or k8s route, you could apply auth policy to corresponding VPC Lattice service network or VPC Lattice service that you want to control access. 
+Please check [VPC Lattice auth policy documentation](https://docs.aws.amazon.com/vpc-lattice/latest/ug/auth-policies.html) for more details.


nit: formatting: can set line length limit?

Starting from "By attaching" can be removed.

IAMAuthPolicy implements Direct Policy Attachment of Gateway API's GEP-713: Metaresources and Policy Attachment. Policy can be attached to Gateway, HTTPRoute, GRPCRoute Kinds. (you can add links to gw spec here). Gateway policy attaches to Lattice Service Network and HTTP/GRPCRoute to Lattice Service. Please see Control access to services using auth policies for more details about Lattice Auth Policies.

mikhail-aws · 2023-11-11T00:00:41Z

docs/reference/iam-auth-policy.md

+</table>
+
+
+## IAMAauthPolicy Example


please move example above spec

mikhail-aws · 2023-11-11T00:59:55Z

docs/reference/iam-auth-policy.md

+If you create the above IAMAuthPolicy in the k8s cluster, the `my-route` (and it's corresponding VPC Lattice service) will be attached with the given IAM auth policy. 
+Only HTTP traffic with header `header1:value1` will be allowed to access the `my-route`. Please check the [VPC Lattice documentation](https://docs.aws.amazon.com/vpc-lattice/latest/ug/auth-policies.html#auth-policies-common-elements) to get more detail on how lattice auth policy work.


Didnt get what the point of this part.

Do you mean remove the whole ## IAMAauthPolicy Example section?

Done

mikhail-aws

feel free to merge after addressing comments

zijun726911 force-pushed the iam-auth-policy-doc branch from a169fa2 to 460b6ec Compare November 10, 2023 22:27

Add IamAuthPolicy doc

0a9a758

zijun726911 force-pushed the iam-auth-policy-doc branch from 460b6ec to 0a9a758 Compare November 10, 2023 22:34

mikhail-aws suggested changes Nov 11, 2023

View reviewed changes

Add IAMAuthPolicy doc

be4f32e

mikhail-aws approved these changes Nov 11, 2023

View reviewed changes

Address PR comments

b3727cb

zijun726911 merged commit 931f2a8 into aws:main Nov 14, 2023
5 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add IAMAuthPolicy doc #492

Add IAMAuthPolicy doc #492

zijun726911 commented Nov 10, 2023

mikhail-aws Nov 10, 2023

mikhail-aws Nov 10, 2023

mikhail-aws Nov 11, 2023

mikhail-aws Nov 11, 2023

zijun726911 Nov 14, 2023 •

edited

Loading

mikhail-aws left a comment

		If you create the above IAMAuthPolicy in the k8s cluster, the `my-route` (and it's corresponding VPC Lattice service) will be attached with the given IAM auth policy.
		Only HTTP traffic with header `header1:value1` will be allowed to access the `my-route`. Please check the [VPC Lattice documentation](https://docs.aws.amazon.com/vpc-lattice/latest/ug/auth-policies.html#auth-policies-common-elements) to get more detail on how lattice auth policy work.

Add IAMAuthPolicy doc #492

Add IAMAuthPolicy doc #492

Conversation

zijun726911 commented Nov 10, 2023

mikhail-aws Nov 10, 2023

Choose a reason for hiding this comment

mikhail-aws Nov 10, 2023

Choose a reason for hiding this comment

mikhail-aws Nov 11, 2023

Choose a reason for hiding this comment

mikhail-aws Nov 11, 2023

Choose a reason for hiding this comment

zijun726911 Nov 14, 2023 • edited Loading

Choose a reason for hiding this comment

mikhail-aws left a comment

Choose a reason for hiding this comment

zijun726911 Nov 14, 2023 •

edited

Loading