https://flyte.org logo
#announcements
Title
# announcements
h

Hampus Rosvall

04/11/2022, 8:34 AM
Hi, a few questions regarding permissions and configuration: • What is the preferred way to provide identities for task Pods? Would you specify IAM Role in Launch Plan, or provide an Service Account in the
flyte.config
? • Is it best practice to assign a SA/IAM role for each task, or reuse the same identity on a workflow basis? • What should be configured in
flyte.config
vs
~/.flyte/config.yaml
?
s

Samhita Alla

04/11/2022, 9:48 AM
Hello @Hampus Rosvall! 1. Both are identical. Providing an IAM role in
flyte.config
is kinda general, whereas IAM role for a specific launch plan is helpful if you want to override the value in
flyte.config
or the default value. 2. I think it’d be nice to have an IAM role per project-domain. You can also have it per workflow; it depends on the use case. Task should be ok, too. I might have to ask @Prafulla Mahindrakar or @Yuvraj to chime in here. 3.
flyte.config
holds the configuration for FlyteRemote or the execution-related parameters (e.g., https://github.com/flyteorg/flytelab/blob/main/templates/basic/%7B%7Bcookiecutter.project_name%7D%7D/dashboard/remote.config) and
~/flyte/config.yaml
is for Flytectl. We’re revamping this flow where
flyte.config
is no more required; the release with these changes should be out very soon!
👍 2
p

Prafulla Mahindrakar

04/11/2022, 9:52 AM
For 2. Per project-domain level IAM role / Service account is coming in new release .
👍 2
81 Views