docs: how to deploy with external aws account

2i2c-org · Jan 9, 2024 · 5cde240 · 5cde240
1 parent 3f97bfd
commit 5cde240
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/docs/hub-deployment-guide/new-cluster/external-account.md b/docs/hub-deployment-guide/new-cluster/external-account.md
@@ -0,0 +1,25 @@
+# AWS with external account
+
+In some cases, the organization has its own AWS account and is provided it to us to deploy the cluster.
+This method is far simpler as we don't have to handle cloud billing, since it is handled by the organization.
+
+There are some steps to do before the deploy:
+
+1. Instruct the external organization to create one AWS IAM account with full permissions.
+   Since we will have one account per engineer,
+   this should be for a specific engineer who is responsible for setting up the hub.
+
+1. The organization sends the credentials for this account to `[email protected]`,
+   [encrypted using age encryption method](inv:dc#support:encrypt).
+
+1. The engineer accesses this information and [decrypts it using the provided instructions](/sre-guide/support/decrypt-age).
+
+1. This engineer can use the IAM service in the AWS Console to create accounts for each engineer
+   and then sends the credentials to each engineer, for example, through Slack.
+
+   ```{tip}
+   Create a **User group** with admin permissions.
+   ```
+
+1. Continue with the cluster setup as usual (following [new cluster on AWS](aws)).
+   On the section [](new-cluster:aws-setup-credentials) follow the steps for "For accounts without AWS SSO".
diff --git a/docs/hub-deployment-guide/new-cluster/index.md b/docs/hub-deployment-guide/new-cluster/index.md
@@ -31,4 +31,5 @@ Deploying Kubernetes to AWS has a distinctly different workflow than GCP or Azur
 new-cluster.md
 aws.md
 smce.md
+external-account.md
 ```