Roles

This page describes Roles in Lenses.

Lenses IAM is built around Roles. Roles contain policies and each policy defines a set of actions a user is allow to take.

Roles are then assigned to groups.

Role Policies

The Lenses policies are resource based. They are YAML based documents attached to a resource.

Each policy has:

Action
Resource
Effect

Action

The action describes the action or verb that a user can perform. The format of the action is

[entity type]:action

For example to list topics in Kafka

policy
  - action:
    - kafka:ListTopics

For a full list of the actions see Permission Reference.

To allow all actions set '*'

Resource

To restrict access to resources, for example, only list topics being with red we can used use the resource field.

For a full list of the actions see Permission Reference.

To allow all actions set '*'

Effect

Effect is either allow the action on the resource or deny. If allow is not set the action will be denied and if any policy for a resource has a deny effect it takes precedence.

Create a Role

To Create Service Account go to IAM->Roles->New Role.

You can also manage Users via the CLI and YAML, for integration in your CI/CD pipelines.

my-role.yaml

terminal

➜  hq roles
Manage Roles.

Usage:
  hq roles [command]

Available Commands:
  create      Creates a new role.
  delete      Deletes a role.
  get         Returns a specific role.
  list        Returns all roles.
  metadata    Manages role metadata.
  update      Updates a role.

PreviousGroups NextService Accounts

Last updated 2 days ago