@@ -10,19 +10,19 @@ the relevant service account assigned.
1010
1111## 1. Get your Google service account OAuth Client ID
1212
13- > (Optional): If you do not yet have a service account,
14- > [ here is the Google IAM documentation on creating a service account] ( https://cloud.google.com/iam/docs/service-accounts-create ) .
15-
1613Navigate to the Google Cloud console, and select ** IAM & Admin** > ** Service
1714Accounts** . View the service account you want to use, and copy the ** OAuth 2
1815Client ID** value shown on the right-hand side of the row.
1916
20- ## 1. Create AWS role
17+ > (Optional): If you do not yet have a service account,
18+ > [ here is the Google IAM documentation on creating a service account] ( https://cloud.google.com/iam/docs/service-accounts-create ) .
19+
20+ ## 2. Create AWS role
2121
2222Create an AWS role that is configured for Web Identity Federation, with Google
2323as the identity provider, as shown below:
2424
25- ![ AWS Create Role] ( ../images/guides/aws-create-role.png )
25+ ![ AWS Create Role] ( ../images/guides/gcp-to-aws/ aws-create-role.png )
2626
2727Once created, edit the ** Trust Relationship** section to look like the
2828following:
@@ -47,7 +47,7 @@ following:
4747}
4848```
4949
50- ## 1 . Assign permissions to the AWS role
50+ ## 3 . Assign permissions to the AWS role
5151
5252In this example, Coder will need permissions to create the EC2 instance. Add the
5353following policy to the role:
@@ -101,7 +101,7 @@ following policy to the role:
101101}
102102```
103103
104- ## 1 . Generate the identity token for the service account
104+ ## 4 . Generate the identity token for the service account
105105
106106Run the following ` gcloud ` command to generate the service account identity
107107token. This is a JWT token with a payload that includes the service account
@@ -115,7 +115,7 @@ veloper.gserviceaccount.com --include-email
115115> Note: Your ` gcloud ` client may needed elevated permissions to run this
116116> command.
117117
118- ## 1 . Set identity token in Coder control plane
118+ ## 5 . Set identity token in Coder control plane
119119
120120You will need to set the token created in the previous step on a location in the
121121Coder control plane. Follow the below steps for your specific deployment type:
@@ -143,17 +143,18 @@ running.
143143- Mount the token file into the Coder pod using the values below:
144144
145145``` yaml
146- volumes :
147- - name : " gcp-identity-mount"
148- secret :
149- secretName : " gcp-identity-token"
150- volumeMounts :
151- - name : " gcp-identity-mount"
152- mountPath : " /home/coder/.aws/gcp-identity-token"
153- readOnly : true
146+ coder :
147+ volumes :
148+ - name : " gcp-identity-mount"
149+ secret :
150+ secretName : " gcp-identity-token"
151+ volumeMounts :
152+ - name : " gcp-identity-mount"
153+ mountPath : " /home/coder/.aws/gcp-identity-token"
154+ readOnly : true
154155` ` `
155156
156- ## 1 . Configure the AWS Terraform provider
157+ ## 6 . Configure the AWS Terraform provider
157158
158159Navigate to your EC2 workspace template in Coder, and configure the AWS provider
159160using the block below:
0 commit comments