3 min read | by Jordi Prats
To start creating resources on AWS we can choose the native AWS provider or go with the Jet provider, which uses Terraform's AWS provider under the hood to generate a Crossplane provider.
If we look at the number of CRDs the native AWS provider exposes, we have 124 in version 0.24.1.
For the AWS Jet provider we have two versions:
To use the AWS Jet provider we will also need an IAM role to associate with any of the namespace's ServiceAccounts. Note that the OIDC provider ID in the Condition key has to be the same one used in the Federated principal; otherwise the condition can never match and the role cannot be assumed:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::123456789876:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/1B45E2E0B2D55D1E1BC9FA13D02A31CD"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringLike": {
          "oidc.eks.eu-west-1.amazonaws.com/id/1B45E2E0B2D55D1E1BC9FA13D02A31CD:sub": "system:serviceaccount:crossplane-system:*"
        }
      }
    }
  ]
}
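As an added check that is not part of the original post, the following Python script lints an IRSA trust policy like the one above: it reports a Condition key whose OIDC provider ID differs from the Federated principal (an easy mistake when copying the ID, and one that makes the condition never match), a ':sub' pattern that is not scoped to the expected namespace, and a missing ':aud' condition pinning the token audience to sts.amazonaws.com. The embedded policy is constructed to mirror the post's, with placeholder account and provider IDs.

```python
import json

# Constructed trust policy modelled on the one in the post. The account id and
# the two (deliberately mismatched) OIDC provider ids are placeholders.
PAGE_POLICY = json.loads('''{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789876:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/1B45E2E0B2D55D1E1BC9FA13D02A31CD"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringLike": {
      "oidc.eks.eu-west-1.amazonaws.com/id/BC91B45B2E0D1F02AD55D1EA13DE231C:sub": "system:serviceaccount:crossplane-system:*"}}
  }]
}''')


def check_irsa_trust(policy, namespace):
    """Return one finding string per problem found in an IRSA trust policy."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or st.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        # The issuer is the part of the OIDC provider ARN after "oidc-provider/".
        issuer = st.get("Principal", {}).get("Federated", "").split("oidc-provider/", 1)[-1]
        keys = {}
        for op in ("StringEquals", "StringLike"):
            keys.update(st.get("Condition", {}).get(op, {}))
        sub = keys.get(f"{issuer}:sub")
        if sub is None:
            other = [k for k in keys if k.endswith(":sub")]
            if other:
                findings.append(f"':sub' condition uses issuer {other[0][:-4]} but the "
                                f"Federated principal is {issuer}: the condition can never match")
            else:
                findings.append("no ':sub' condition: any ServiceAccount in the cluster can assume the role")
        elif not sub.startswith(f"system:serviceaccount:{namespace}:"):
            findings.append(f"':sub' value {sub!r} is not scoped to namespace {namespace}")
        elif sub.endswith(":*"):
            findings.append(f"info: ':sub' allows every ServiceAccount in {namespace}; "
                            "narrow it to the provider's ServiceAccount name if possible")
        if keys.get(f"{issuer}:aud") != "sts.amazonaws.com":
            findings.append(f"no StringEquals '{issuer}:aud' = 'sts.amazonaws.com' condition")
    return findings


if __name__ == "__main__":
    for finding in check_irsa_trust(PAGE_POLICY, "crossplane-system"):
        print(finding)
```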
If we want to use the lightweight version we can configure it as follows:
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: jet-aws-config
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789876:role/crossplane
spec:
  podSecurityContext:
    fsGroup: 2000
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: jet-provider-aws
spec:
  package: crossplane/provider-jet-aws:v0.4.0
  controllerConfigRef:
    name: jet-aws-config
---
apiVersion: aws.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: jet-aws-provider
spec:
  credentials:
    source: InjectedIdentity
Once the provider Pods are ready we can create resources, for example an S3 Bucket. Notice how the apiVersion is different depending on the provider we are using:
apiVersion: s3.aws.jet.crossplane.io/v1alpha2
kind: Bucket
metadata:
  name: pet2cattle-xplane-test
spec:
  providerConfigRef:
    name: jet-aws-provider
  forProvider:
    region: 'eu-west-1'
Using kubectl describe we can check its status. If there are errors we may get Terraform errors as well:
$ kubectl describe bucket.s3.aws.jet.crossplane.io/pet2cattle-xplane-test
Name:         pet2cattle-xplane-test
Namespace:
Labels:       <none>
Annotations:  crossplane.io/external-create-pending: 2022-02-13T19:29:14Z
              crossplane.io/external-create-succeeded: 2022-02-13T19:29:21Z
              crossplane.io/external-name: pet2cattle-xplane-test
              terrajet.crossplane.io/provider-meta: null
API Version:  s3.aws.jet.crossplane.io/v1alpha2
Kind:         Bucket
Metadata:
  (...)
Spec:
  Deletion Policy:  Delete
  For Provider:
    Region:  eu-west-1
  Provider Config Ref:
    Name:  jet-aws-provider
Status:
  At Provider:
  Conditions:
    Last Transition Time:  2022-02-13T19:29:21Z
    Reason:                Creating
    Status:                False
    Type:                  Ready
    Last Transition Time:  2022-02-13T19:29:21Z
    Reason:                ReconcileSuccess
    Status:                True
    Type:                  Synced
Events:
  Type    Reason                   Age   From                                                   Message
  ----    ------                   ----  ----                                                   -------
  Normal  CreatedExternalResource  10s   managed/s3.aws.jet.crossplane.io/v1alpha2, kind=bucket  Successfully requested creation of external resource
Using the AWS CLI we can double check that the bucket has been successfully created:
$ aws s3 ls | grep xplane
2022-02-13 19:29:21 pet2cattle-xplane-test
Posted on 02/03/2022