Skip to main content

astroctl_cloud_aws_selfHosted

astroctl cloud aws selfHosted

Self-hosted cluster prerequisite management

Synopsis

Manage prerequisites for self-hosted (vanilla Kubernetes) clusters on AWS.

Credentials are stored in the platform's encrypted vault — never in cluster YAML.

Workflows: Fully automated (recommended): setup → creates IAM user, S3 bucket, policies via CloudFormation → auto-stores credentials in vault (no manual copy needed) apply → cluster YAML uses credentials.type: vault

Bring your own credentials (BYOC): connect → validates your IAM user keys + stores in vault apply → cluster YAML uses credentials.type: vault

Commands: setup Deploy prerequisites + auto-store credentials in vault connect Validate your own credentials and store in vault disconnect Revoke stored credentials from vault (keeps infra) validate Pre-flight validation only (no storage) cleanup Delete CloudFormation stack + purge vault credentials

Examples

  # Fully automated: setup creates everything + stores creds in vault
  astroctl cloud aws selfHosted setup --account-id 123456789012 --region us-west-2 --cluster-name prod

  # Bring your own credentials: connect stores your keys in vault
  astroctl cloud aws selfHosted connect --access-key AKIA... --secret-key ... \
      --region us-west-2 --bucket my-bucket --cluster-name prod

  # Or connect with an AWS profile
  astroctl cloud aws selfHosted connect --profile astroplatform-admin \
      --region us-west-2 --bucket my-bucket --cluster-name prod

  # Rotate credentials
  astroctl cloud aws selfHosted disconnect --cluster-name prod
  astroctl cloud aws selfHosted connect --profile astroplatform-admin ...

  # Cleanup everything
  astroctl cloud aws selfHosted cleanup --account-id 123456789012 --region us-west-2 \
      --cluster-name prod --profile admin

Options

  -h, --help   help for selfHosted

Options inherited from parent commands

  -o, --output string   Output format (json|yaml) (default "yaml")

SEE ALSO