🔐 Cloud Authentication for Self Hosted Agents

Self-hosted agents allow you to run env0 deployment workloads on your own Kubernetes cluster. Now we are making the integration smoother for AWS and GCP (Azure is next in-line) by allowing you to use advanced authentication methods to authenticate the env0 Self Hosted Agent to your cloud provider. This includes Node and SA Auth on AWS EKS and SA Auth on Google GKE. This means that you can now manage your authorization and authentication with the best practices of your cloud provider.

✨ Native Cloud Authentication ✨

When running your IaC deployment you need to authenticated to your cloud provider in order to deploy your code and create cloud resources.
Each cloud provider deals with it in a different way, especially when running those deployments within the cloud provider. Our Self hosted agent assures that all of your IaC deployment are running inside your own cloud provider, whether it's AWS, GCP, Azure or any other cloud provider, since our agent is based on Kubernetes you can actually run it anywhere.
However, when running it in a specific cloud provider like AWS and GCP you can now leverage the built-in Authentication mechanism of those services to manage Authentication and Authorization in a more secure and manageable way.
Here is how env0 supports those mechanism out of the box using our Self hosted agents:

AWS EKS

GCP GKE

  • K8S Service Account to GCP Service Account
  • Find more details in Use Workload Identity, using NAMESPACE=env0-agent and KSA=default