Indicates the principal ARN that an EKS Access Entry should point to in the recovery environment
arpio-config:recovery-principal-arn = <principal-arn>
<principal-arn>
ARN of an IAM user or role that exists in the recovery environment
Supported Resources
- EKS Access Entries
Description
By default, Arpio will translate principal ARN values on EKS Access Entries from the primary environment to their counterpart in the recovery environment if the ARN references an IAM role that Arpio is managing. However, if an Access Entry references an IAM user or an AWS-managed SSO role in the source environment, Arpio cannot translate these and brings them across to the recovery environment as-is.
This config tag allows the recovery principal ARN to be explicitly indicated as a tag on the Access Entry in the source environment.
Examples
Tag |
Value |
arpio-config:recovery-principal-arn |
arn:aws:iam::111111111111:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_MyTeam_1234 |