creating new access mgmt ESC section #14071
Conversation
|
Your site preview for commit 4afe689 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-4afe6894.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit ea726fb is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-ea726fbd.s3-website.us-west-2.amazonaws.com. |
|
We should combined these two into a single page:
Integrations -> OIDC Provider should probably go into "Environments" with a different title "Configuring OIDC" Also the OIDC provider could use additional context that we are talking about the OIDC for the Dynamic Login credentials, the value of it, and link them. We should add one dynamic login provider as an example, and show them where the rest of the documentation like token claims actually comes into the picture. |
…d addressing other feedback from Arun
…d addressing other feedback from Arun
|
Your site preview for commit d6fdfb3 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-d6fdfb3d.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit 8b2d165 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-8b2d1656.s3-website.us-west-2.amazonaws.com. |
| weight: 3 | ||
| --- | ||
|
|
||
| Pulumi supports secure authentication by integrating with trusted external identity providers using OpenID Connect (OIDC). When configured as an OIDC client, Pulumi establishes a trust relationship with third-party providers such as Google, AWS or GitHub to accept and validate their issued OIDC tokens. After validation, these tokens are exchanged for short-lived Pulumi access tokens, which removes the need for hardcoded credentials. |
There was a problem hiding this comment.
We have OIDC connections from ESC to various clouds, and we have inbound OIDC from a cloud or CI/CD. How can we better disambiguate what we are talking about here? Can we include some scenarios with links to our other content like EKS running in AWS using ESC go get secrets, or GitHub running CI/CD getting access to AWS through Pulumi ESC?
|
Your site preview for commit d9da045 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-d9da0457.s3-website.us-west-2.amazonaws.com. |
|
|
||
| See the following guides to set up OIDC between Pulumi ESC and your specific cloud provider: | ||
|
|
||
| - [Configuring OIDC for AWS](/docs/pulumi-cloud/oidc/provider/aws/) |
There was a problem hiding this comment.
this is the part where it gets hard to find what we are looking for.
How is this link different than the configuring OIDC section you created under "Environment->Configuring OIDC"
The page we take the users to adds friction as it is hard to peace apart what ESC things they need to know
Co-authored-by: arunkumar611 <[email protected]>
Co-authored-by: arunkumar611 <[email protected]>
Co-authored-by: arunkumar611 <[email protected]>
Co-authored-by: arunkumar611 <[email protected]>
Co-authored-by: arunkumar611 <[email protected]>
Co-authored-by: arunkumar611 <[email protected]>
|
Your site preview for commit e70dc9b is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-e70dc9b1.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit 3c238a2 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-3c238a2a.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit 7a37062 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-7a370629.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit 54c9bd4 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-54c9bd42.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit 5a0d7f8 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14071-5a0d7f81.s3-website.us-west-2.amazonaws.com. |
Draft WIP addressing: #13969 - We've had customer feedback that details around how to configure ESC OIDC provider are difficult to find.
Also fixes #13970 : adding details for Teams, RBAC, access token and making a new access mgmt section to the ESC docs