A Special Interest Group (SIG) for running SPIFFE in AWS. We encourage attendees to show up in-person for these meetings, even though each meeting will have video conferencing (and be recorded).
- Every other Thursday @ 2:00pm PDT
- Meeting Notes
- Calendar ICS (See this Google support page to learn more about importing .ics files)
- Overall: establish trust of a system when it first boots. This is the first thing that must happen for a SPIFFE-aware deployment to exist.
- Sequence diagram (strawman)
- Protocol that authenticates an EC2 instance to the control plane when the instance first boots
- Support the following instance to SPIFFE ID mapping methods
  - Only the instance ID (map IID to SPIFFE ID)
  - AWS IAM roles (map IAM-ROLE to SPIFFE ID)
  - AWS Tags (map a nonce in a tag to a SPIFFE ID)
  - Auto Scaling Groups (map an ASG/Security group to a SPIFFE ID)
  - Google Cloud Platform (TBD mapped to a SPIFFE ID)
- Determine how the control plane supports the registration methods to map to a set of SPIFFE IDs
- End to end POC
- TODO
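The list above names four ways to map an attested instance to SPIFFE IDs (instance ID, IAM role, tag nonce, ASG) and asks how the control plane supports them as registration methods. The following is an added illustration of that resolution step, not code from the SPIFFE or SPIRE projects: a tiny registration table whose entries carry a selector type and value, and a resolver that intersects those selectors with what was learned about the instance. The trust domain `example.org`, the `spiffe-nonce` tag key, the selector type names and all instance identifiers are constructed for the example. It assumes the instance identity document has already been verified by the bootstrap protocol; the resolver only answers "which SPIFFE IDs does this attested instance get". Tag-nonce entries are single-use, so a nonce copied from one instance's tags cannot be replayed by a second instance.

```python
"""Map an attested EC2 instance to SPIFFE IDs via registration entries.

Added example for the SPIFFE-in-AWS SIG page; not project code.
All identifiers (trust domain, instance IDs, roles, nonces) are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

TRUST_DOMAIN = "spiffe://example.org"  # constructed trust domain
NONCE_TAG = "spiffe-nonce"             # constructed tag key carrying the bootstrap nonce

Selector = Tuple[str, str]  # (selector type, value), e.g. ("iid", "i-0abc123")


@dataclass
class AttestedInstance:
    """Facts the control plane learned about the instance after verifying its
    identity document (assumed done before this step)."""
    instance_id: str
    iam_role: Optional[str] = None
    tags: Dict[str, str] = field(default_factory=dict)
    asg: Optional[str] = None


@dataclass
class RegistrationEntry:
    """One row of the control plane's registration table."""
    spiffe_id: str
    selector_type: str      # "iid" | "iam_role" | "tag_nonce" | "asg"
    selector_value: str
    single_use: bool = False  # tag-nonce entries are consumed on first match
    consumed: bool = False


def selectors_for(inst: AttestedInstance) -> Set[Selector]:
    """Derive every selector the instance can present, one per mapping method."""
    sels: Set[Selector] = {("iid", inst.instance_id)}
    if inst.iam_role:
        sels.add(("iam_role", inst.iam_role))
    if inst.asg:
        sels.add(("asg", inst.asg))
    nonce = inst.tags.get(NONCE_TAG)
    if nonce:
        sels.add(("tag_nonce", nonce))
    return sels


def resolve(inst: AttestedInstance, entries: List[RegistrationEntry]) -> Set[str]:
    """Return the set of SPIFFE IDs whose registration entry matches one of the
    instance's selectors. A single-use entry matches at most once: the first
    instance to present the nonce gets the ID, a later replay gets nothing."""
    sels = selectors_for(inst)
    ids: Set[str] = set()
    for entry in entries:
        if (entry.selector_type, entry.selector_value) not in sels:
            continue
        if entry.single_use:
            if entry.consumed:
                continue
            entry.consumed = True
        ids.add(entry.spiffe_id)
    return ids


def build_sample_entries() -> List[RegistrationEntry]:
    """Constructed registration table covering all four mapping methods."""
    return [
        RegistrationEntry(f"{TRUST_DOMAIN}/iid/i-0abc123", "iid", "i-0abc123"),
        RegistrationEntry(f"{TRUST_DOMAIN}/role/web", "iam_role", "web-role"),
        RegistrationEntry(f"{TRUST_DOMAIN}/nonce-bootstrap", "tag_nonce", "n-42", single_use=True),
        RegistrationEntry(f"{TRUST_DOMAIN}/asg/web", "asg", "web-asg"),
        RegistrationEntry(f"{TRUST_DOMAIN}/role/db", "iam_role", "db-role"),  # should not match
    ]


if __name__ == "__main__":
    entries = build_sample_entries()
    inst = AttestedInstance("i-0abc123", iam_role="web-role",
                            tags={NONCE_TAG: "n-42"}, asg="web-asg")
    print("first attestation :", sorted(resolve(inst, entries)))
    # Same nonce presented again: the tag_nonce entry is already consumed.
    print("replayed nonce    :", sorted(resolve(inst, entries)))
```

Running the script shows the first attestation receiving all four IDs and the replay receiving everything except the nonce-bootstrap ID. The IID-only method is the weakest of the four in this model, because it trusts nothing beyond the verified identity document; the IAM-role and ASG methods let one entry cover a fleet, and the nonce method binds a specific launch to an ID exactly once.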