docs: Adds Cloud Manager principal to Kyma landscape mapping (kyma-pr…

…oject#794) Co-authored-by: Małgorzata Świeca <[email protected]>
vandjelk · Nov 13, 2024 · 8b880fa · 8b880fa
1 parent c53e0b8
commit 8b880fa
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/docs/user/resources/04-70-10-aws-vpc-peering.md b/docs/user/resources/04-70-10-aws-vpc-peering.md
@@ -13,9 +13,14 @@ the Kyma cluster underlying cloud provider account and accepts VPC peering conne
 Cloud Manager must be authorized in the remote cloud provider account to accept VPC peering connection. For cross-account access,
 Cloud Manager uses [`AssumeRole`](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/assume-role.html).
 
-1.  Create a new role named **CloudManagerPeeringRole** with a trust policy that allows Cloud Manager principal `arn:aws:iam::{194230256199}:user/cloud-manager-peering-ENV` to assume the role.
+Use the following table to identify Cloud Manager principal based on your Kyma landscape:
 
-    **ENV** corresponds to **dev**, **stage**, or **prod**.
+| BTP cockpit URL                    | Kyma dashboard URL                     | Cloud Manager principal                                    |
+|------------------------------------|----------------------------------------|------------------------------------------------------------|
+| https://canary.cockpit.btp.int.sap | https://dashboard.stage.kyma.cloud.sap | `arn:aws:iam::194230256199:user/cloud-manager-peering-stage` |
+| https://emea.cockpit.btp.cloud.sap | https://dashboard.kyma.cloud.sap       | `arn:aws:iam::194230256199:user/cloud-manager-peering-prod`  |
+
+1.  Create a new role named **CloudManagerPeeringRole** with a trust policy that allows Cloud Manager principal to assume the role:
 
     ```json
     {
@@ -24,7 +29,7 @@ Cloud Manager uses [`AssumeRole`](https://awscli.amazonaws.com/v2/documentation/
             {
                 "Effect": "Allow",
                 "Principal": {
-                    "AWS": "arn:aws:iam::194230256199:user/cloud-manager-peering-ENV"
+                    "AWS": "{CLOUD_MANAGER_PRINCIPAL}"
                 },
                 "Action": "sts:AssumeRole"
             }
@@ -55,7 +60,7 @@ Cloud Manager uses [`AssumeRole`](https://awscli.amazonaws.com/v2/documentation/
     }
     ```
 
-3.  Attach the **CloudManagerPeeringAccess** policy to the **CloudManagerPeeringRole**.
+3.  Attach the **CloudManagerPeeringAccess** policy to the **CloudManagerPeeringRole**:
 
 ### Deleting `AwsVpcPeering`