Self-hosted agents allow you to run env0 deployment workloads on your own Kubernetes cluster. We are now making the integration smoother for AWS and GCP (Azure is next in line) by letting you use advanced authentication methods to authenticate the env0 self-hosted agent to your cloud provider. This includes Node and SA Auth on AWS EKS and SA Auth on Google GKE, so you can now manage authorization and authentication according to your cloud provider's best practices.
When running an IaC deployment, you need to authenticate to your cloud provider in order to deploy your code and create cloud resources.
Each cloud provider handles this differently, especially when the deployments run inside that cloud provider. Our self-hosted agent ensures that all of your IaC deployments run inside your own cloud provider, whether it's AWS, GCP, Azure or any other. Since the agent is based on Kubernetes, you can actually run it anywhere.
However, when running it in a specific cloud provider such as AWS or GCP, you can now leverage the built-in authentication mechanisms of those services to manage authentication and authorization in a more secure and manageable way.
Here is how env0 supports these mechanisms out of the box using our self-hosted agents:
- Node Authentication
- K8S Service Account to IAM Role
- Find more details in Authenticating the agent on AWS EKS
- K8S Service Account to GCP Service Account
- Find more details in Use Workload Identity, using