Private Cloud Cluster with Static Credentials - IAM User
Hello, I am trying to deploy a standalone application onto AWS EKS. I am using the CLI tool as a baseline, and then modifying the configuration as necessary. My app is built on Studio Pro 9.24.26 and I am using Operator 2.20.1.

The issue I have encountered is that according to the documentation for existing bucket and account, the operator config requires an IAM user Access key and Secret key. My company has restricted our permission to generate keys like that. We cannot set up blob storage thru IRSA or the other options, because the Mendix operator will attempt to create resources on my behalf, which is also a blocked action.

I am able to generate temporary access keys for the user and deploy the application initially, but those values will expire after a short time. After that, I am worried that Mendix will not be able to use its storage plan and my deployment will be messed up.

Here is a snippet of the operator YAML that I have working at first:

    storage_plan:
      name: mx-storage
      type: amazon-s3
      s3:
        irsa_authentication: false
        create_bucket: false
        create_user: false
        create_inline_policy: true
        existing_bucket: ""
        existing_policy: ""
        bucket_autogen_prefix: true
        bucket_prefix: ""
        share_bucket: false
        endpoint: https://bucket-endpoint.s3.us-east-1.amazonaws.com/
        access_key: ****************
        secret_key: *****************************
        oidc_url: ""

Can someone advise if there is a workaround to make this work when my environment is limited as such? Instead of giving it a user and access keys, I wish that I could configure it with an IAM role to assume that has sufficient privileges. However, I do not think the operator is built to handle that.