private-ddn: update byoc permission #175

Merged
merged 1 commit into from
Jul 8, 2025

savanipoojan78
Collaborator

This pull request updates the documentation for creating a data plane in a Bring Your Own Cloud (BYOC) setup. The changes include enhancements to the CloudFormation template, updates to AWS permissions, and adjustments to GCP configurations, ensuring improved flexibility and clarity for users.

AWS CloudFormation Template Enhancements:

  • Changed the syntax from bash to yaml and added a new ExternalId parameter for trust relationships. This parameter allows customization with validation rules for length and allowed characters.
  • Updated sts:ExternalId in the trust relationship to reference the newly added ExternalId parameter instead of the hardcoded value.

AWS Permissions Updates:

  • Added permissions for additional AWS services, including ec2:DescribeVpcEndpoints, rds:DescribeDBInstances, ec2:CreateSecurityGroup, and iam:UpdateAssumeRolePolicy. These changes expand the scope of supported operations.
  • Included rds.amazonaws.com in the list of trusted service principals and added rds:* to the allowed actions, enabling support for RDS-related operations.

GCP Configuration Adjustments:

  • Added sqladmin.googleapis.com and servicenetworking.googleapis.com to the list of enabled APIs for GCP projects.
  • Granted the roles/cloudsql.admin IAM role to the service account for managing Cloud SQL resources.

Documentation Updates:

  • Clarified the requirements for sharing the ExternalId parameter with Hasura, emphasizing its importance when customized.
  • Expanded the valid range for VPC CIDR blocks from /16 to /16-/19 for both AWS and GCP, providing more flexibility in network configurations.
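
A defender-side check for the trust relationship described above, as an added example that is not part of this pull request or of Hasura's template: it audits a role trust policy for cross-account principals that lack an `sts:ExternalId` condition and validates the ExternalId against the STS limits (2 to 1224 characters; alphanumerics and `_+=,.@:/-`). The function names, the account ID and the ExternalId value are constructed placeholders.

```python
import re

# STS accepts ExternalId values of 2-1224 characters from this character set.
EXTERNAL_ID_RE = re.compile(r"[\w+=,.@:/-]{2,1224}", re.ASCII)

# Constructed sample trust policy; account ID and ExternalId are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "rds.amazonaws.com"}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}},
    ],
}

def valid_external_id(value):
    """True if value satisfies the STS length and character rules."""
    return isinstance(value, str) and EXTERNAL_ID_RE.fullmatch(value) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def audit_trust_policy(policy, expected_external_id):
    """Return findings for a trust policy dict; an empty list means it passed."""
    findings = []
    if not valid_external_id(expected_external_id):
        findings.append("expected ExternalId violates STS length/character rules")
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        # Service principals (e.g. rds.amazonaws.com) never send an ExternalId;
        # only cross-account AWS principals need the confused-deputy guard.
        if principal == "*" or (isinstance(principal, dict) and "AWS" in principal):
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            ids = _as_list(cond.get("sts:ExternalId", []))
            if not ids:
                findings.append(f"statement {i}: AWS principal without sts:ExternalId condition")
            elif ids != [expected_external_id]:
                findings.append(f"statement {i}: sts:ExternalId does not match the shared value")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_POLICY, "example-external-id"))
```

Pass the ExternalId value that was shared with the other party as `expected_external_id`, so a customized value that was changed on only one side shows up as a mismatch.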

@hasura-bot
Collaborator

@savanipoojan78 Thanks for your PR! I've assigned @robertjdominguez to review it.

Deploying promptql-docs with Cloudflare Pages

Latest commit: eeac066
Status: ✅  Deploy successful!
Preview URL: https://dc15df57.promptql-docs.pages.dev
Branch Preview URL: https://fix-updatebyocpermission.promptql-docs.pages.dev

@robertjdominguez robertjdominguez merged commit c06bea7 into main Jul 8, 2025
4 checks passed
@robertjdominguez robertjdominguez deleted the fix/updateByocPermission branch July 8, 2025 14:33

4 participants