Session Management > Manage teams using IaC > Setting up teams

Setting up teams

Set groups

Implement creating folders as teams including application and platform.

mkdir teams && cd teams && mkdir platform-team && mkdir application-team

Deployment Pipeline

We’ll start by creating an IAM user for platform.

aws iam create-user --user-name platform

Deployment Pipeline

Create a file index.ts, used to create resources for platform-team

cd platform-team && touch index.ts

Deployment Pipeline c)

Next we add the following code block to index.ts

import { ArnPrincipal } from "aws-cdk-lib/aws-iam";
import { PlatformTeam } from '@aws-quickstart/eks-blueprints';

export class TeamPlatform extends PlatformTeam {
    constructor(accountID: string) {
        super({
            name: "platform",
            users: [new ArnPrincipal(`arn:aws:iam::${accountID}:user/platform`)]
        })
    }
}

Explanation of the code block:

The above code block imports ArnPrincipal construct from aws-cdk-lib/aws-iam module for AWS CDK so that users can be added to the platform with IAM credentials their.
The best way is to extend a class using PlatformTeam class so that our platform/infrastucture people can manage users/roles, while developers can simply create groups using the provided arugments transmisson.
Then we pass in two arguments: name and list of IAM users.

Deployment Pipeline

Application Team

Create IAM user for the application team.

aws iam create-user --user-name application

Deployment Pipeline

Change directory path and create file index.ts

cd ../application-team && touch index.ts

Deployment Pipeline

Add code to teams/application-team/index.ts file

import { ArnPrincipal } from 'aws-cdk-lib/aws-iam';
import { ApplicationTeam } from '@aws-quickstart/eks-blueprints';


export class TeamApplication extends ApplicationTeam {
    constructor(name: string, accountID: string) {
        super({
            name: name, 
            users: [new ArnPrincipal(`arn:aws:iam::${accountID}:user/application`)] 
        });
    }
}

The Application Team template will do the following things:

Create a namespace
Register quotas
Register as an IAM user to access multiple accounts
Create a shared role to access the cluster. Alternatively, an existing role can be provisioned.
Register the role/user provided in the awsAuth map for kubectl and dashboard access to the cluster and namespace.

Deployment Pipeline

We will create an additional file index.ts in the team folder

cd .. && touch index.ts

Deployment Pipeline

In the file index.ts add the following code:

export { TeamPlatform } from './platform-team';
export { TeamApplication } from './application-team';

Deployment Pipeline