Integration Providers
section in the Platform
page.
Share access with users, teams or everyone in your TrueFoundry account
As shown in the previous slides, you can share access of each integration with users, teams or everyone in your TrueFoundry account. This would allow them to view and use the integration. Only tenant-admins can edit the integrations.Generate Access Key or Assumed Role
The document below will guide you on how to create an IAM role with assume role and add the required permissions to that role. If you have used the TrueFoundry terraform code, an IAM role will already be created and attached here. You can also create a new one to allow for specific permissions if needed. You can create an IAM user with the required permissions and generate an access key and secret key to add integration. For AWS, TrueFoundry supports both IAM user and IAM role.Create an IAM role with assume role
The role should have following trust policy added.Following steps are required for each integration
You can also attach the following policies to the IAM role/user for each integration. Ensure that you replace theAWS_REGION
and ACCOUNT_ID
with your own.
S3 integration
S3 integration
[Pre-requisite] Create a S3 Bucket with following configRequired Policies
- Make sure the bucket has lifecycle configuration to abort multipart upload set for 7 days.
- Make sure CORS is applied on the bucket with the below configuration:
ECR integration
ECR integration
Attach the following policy to the IAM role/user for integrating ECR.
SSM integration
SSM integration
Attach the following policy to the IAM role/user for integrating parameter store.
EKS integration
EKS integration
Attach the following policy to the IAM role/user for integrating EKS.
Bedrock integration (Optional)
Bedrock integration (Optional)
The following policy grants permission to invoke any foundation model available on Bedrock in your available regions (To check the list of available regions for different models, refer to AWS Bedrock). You can configure
Resource
list to control which models can be accessed through the AI Gateway.