Hello!
We are using Qovery to deploy a script on a S3 bucket. Hence, we needed a role with limited permissoins on a specific S3 bucket. Following the Use AWS IAM roles with Qovery, we made it work.
Hence, we currently have two services for this task: a service account (SA) service, and a deployment lifecycle service.
Now, we would need a second role in our environment. We could probably create a second SA service for this task, but I’m wondering if there is a way to re-use the existing one, just changing the security.service_account_name
advanced settings on the consumers?
How would the sa.yaml
file look like if we need to propose different roles, as we have a single role-arn
property:
metadata:
annotations:
eks.amazonaws.com/role-arn: $AWS_ROLE_ARN
Thanks!