
Installation

Permissions

  • To get Port API credentials, check out the Port API documentation.
  • To deploy the AWS integration successfully, the user who deploys it in the AWS Organization must have the appropriate access permissions to create all of the relevant resources (ECS, IAM, and VPC).
Multiple Account Support

To do the following:

  1. Enable multiple accounts for the integration.
  2. View account data.

make sure you have set everything up as described in our Multiple Accounts guide.

Choose one of the following installation methods:

The AWS integration is deployed using Helm on your cluster. You can check out the Helm chart here.

Prerequisites

IAM User

helm repo add --force-update port-labs https://port-labs.github.io/helm-charts
helm upgrade --install aws port-labs/port-ocean \
--set port.clientId="$PORT_CLIENT_ID" \
--set port.clientSecret="$PORT_CLIENT_SECRET_ID" \
--set port.baseUrl="https://api.getport.io" \
--set initializePortResources=true \
--set sendRawDataExamples=true \
--set scheduledResyncInterval=1440 \
--set integration.identifier="my-aws" \
--set integration.type="aws" \
--set integration.eventListener.type="POLLING" \
--set integration.config.awsAccessKeyId="$AWS_ACCESS_KEY_ID" \
--set integration.config.awsSecretAccessKey="$AWS_SECRET_ACCESS_KEY"
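
With --set, the shell expands the access keys into Helm's process arguments, which other local users can read while the command runs. The following is an added example, not part of the Port documentation: it renders the same four credential values into an owner-only values file and passes it with -f; the function names write_values and deploy_aws_integration are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Port docs): render the credential-bearing chart
# values into an owner-only file so they never appear as --set arguments.

# write_values FILE: build the values file from the four environment variables.
write_values() {
  file="$1"
  for var in PORT_CLIENT_ID PORT_CLIENT_SECRET_ID AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then
      echo "missing environment variable: $var" >&2; return 1
    fi
    case "$val" in
      *"'"*) echo "$var contains a single quote; refusing to render" >&2; return 1 ;;
    esac
  done
  ( umask 077; : > "$file" ) || return 1   # create with mode 0600
  chmod 600 "$file" || return 1            # tighten a pre-existing file
  cat > "$file" <<EOF
port:
  clientId: '$PORT_CLIENT_ID'
  clientSecret: '$PORT_CLIENT_SECRET_ID'
integration:
  config:
    awsAccessKeyId: '$AWS_ACCESS_KEY_ID'
    awsSecretAccessKey: '$AWS_SECRET_ACCESS_KEY'
EOF
}

# deploy_aws_integration: same settings as the command above; secrets via -f.
deploy_aws_integration() {
  values="$(mktemp)" || return 1
  write_values "$values" || { rm -f "$values"; return 1; }
  rc=0
  helm repo add --force-update port-labs https://port-labs.github.io/helm-charts &&
  helm upgrade --install aws port-labs/port-ocean \
    -f "$values" \
    --set port.baseUrl="https://api.getport.io" \
    --set initializePortResources=true \
    --set sendRawDataExamples=true \
    --set scheduledResyncInterval=1440 \
    --set integration.identifier="my-aws" \
    --set integration.type="aws" \
    --set integration.eventListener.type="POLLING" || rc=$?
  rm -f "$values"   # remove the temporary credentials file either way
  return "$rc"
}
```

Call deploy_aws_integration with the same environment variables exported as for the command above. The values file only keeps the keys off the command line; it does not change how the chart handles them once installed.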

IRSA

If you are using IRSA, you'll need to:

helm repo add --force-update port-labs https://port-labs.github.io/helm-charts
helm upgrade --install aws port-labs/port-ocean \
--set port.clientId="$PORT_CLIENT_ID" \
--set port.clientSecret="$PORT_CLIENT_SECRET_ID" \
--set port.baseUrl="https://api.getport.io" \
--set initializePortResources=true \
--set sendRawDataExamples=true \
--set scheduledResyncInterval=1440 \
--set integration.identifier="my-aws" \
--set integration.type="aws" \
--set integration.eventListener.type="POLLING" \
--set podServiceAccount.name="$SERVICE_ACCOUNT"

Multiple account support

To run the AWS integration using Helm, make sure that you have the following (check out our multiple accounts guide for how to get them):

  1. An organization role ARN
  2. A role with read permissions set up across your AWS accounts
  3. IRSA or a user with the previous read-permissions role bound to them.

Then you'll be able to run the integration. (You can replace the podServiceAccount.name configuration with the integration.config.awsAccessKeyId and integration.config.awsSecretAccessKey configurations.)

helm repo add --force-update port-labs https://port-labs.github.io/helm-charts
helm upgrade --install aws port-labs/port-ocean \
--set port.clientId="$PORT_CLIENT_ID" \
--set port.clientSecret="$PORT_CLIENT_SECRET_ID" \
--set port.baseUrl="https://api.getport.io" \
--set initializePortResources=true \
--set sendRawDataExamples=true \
--set scheduledResyncInterval=1440 \
--set integration.identifier="my-aws" \
--set integration.type="aws" \
--set integration.eventListener.type="POLLING" \
--set podServiceAccount.name="$SERVICE_ACCOUNT" \
--set integration.config.accountReadRoleName="$YOUR_ACCOUNT_READ_ROLE_NAME" \
--set integration.config.organizationRoleArn="$YOUR_ORGANIZATION_ROLE_ARN"

Further Examples

Refer to the examples page for practical configurations and their corresponding blueprint definitions.