Infrastructure
Greyhound can provision AWS resources alongside your Kubernetes workloads. This keeps your infrastructure-as-code co-located with your application definition.
IAM Roles
Enable IAM role creation for your environment:
```yaml
infrastructure:
  create_iam_roles: true
```
Bind roles to service accounts for fine-grained access:
```yaml
service_accounts:
  - name: my-runtime
    cloud_role: arn:aws:iam::123456789012:role/my-runtime-role
services:
  - name: api
    service_account_name: my-runtime
```
This sets up IRSA (IAM Roles for Service Accounts) so your pods can assume the specified IAM role. The `cloud_role` field accepts a full IAM role ARN or a role alias.
Security Groups
Define security group rules to control network access. Each rule targets traffic by direction, protocol, port range, and either a CIDR block or a source security group:
```yaml
infrastructure:
  create_iam_roles: true
  security_groups:
    - component: database
      alias: db-sg
      description: Allow Postgres from app pods
      rules:
        - direction: ingress
          protocol: TCP
          from_port: 5432
          to_port: 5432
          source_security_group_id: sg-0123456789abcdef0
        - direction: egress
          protocol: TCP
          from_port: 0
          to_port: 0
          cidr_ip: 0.0.0.0/0
```
| Field | Description |
|---|---|
| `component` | Owning component — maps to the AWS logical resource name |
| `alias` | Optional friendly name for referencing the security group |
| `description` | Human-readable description (max 255 characters) |
| `rules[].direction` | `ingress` or `egress` |
| `rules[].protocol` | `TCP`, `UDP`, or `ICMP` (uppercase) |
| `rules[].from_port` / `to_port` | Port range (0–65535) |
| `rules[].cidr_ip` | IPv4 CIDR block (e.g., `10.0.0.0/16`) — mutually exclusive with `source_security_group_id` |
| `rules[].source_security_group_id` | AWS security group ID (e.g., `sg-067a3e14bb34e32a5`) — mutually exclusive with `cidr_ip` |
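
The field constraints in the table can be checked before a config is applied. The following is an added example, not Greyhound's own validation code: `lint_security_group` and `SAMPLE` are hypothetical names, the config is assumed to be already parsed into Python dicts, and the warning on ingress from `0.0.0.0/0` is an extra review heuristic that the page does not define.

```python
import ipaddress
import re

DIRECTIONS = {"ingress", "egress"}
PROTOCOLS = {"TCP", "UDP", "ICMP"}  # uppercase only, per the field table
SG_ID = re.compile(r"^sg-([0-9a-f]{8}|[0-9a-f]{17})$")  # AWS security group ID shape

def lint_security_group(sg):
    """Hypothetical helper: return (errors, warnings) for one security_groups entry."""
    errors, warnings = [], []
    if len(sg.get("description", "")) > 255:
        errors.append("description exceeds 255 characters")
    for i, rule in enumerate(sg.get("rules", [])):
        where = f"rules[{i}]"
        direction, proto = rule.get("direction"), rule.get("protocol")
        if direction not in DIRECTIONS:
            errors.append(f"{where}: direction must be ingress or egress")
        if proto not in PROTOCOLS:
            errors.append(f"{where}: protocol must be uppercase TCP, UDP, or ICMP")
        lo, hi = rule.get("from_port"), rule.get("to_port")
        if not all(isinstance(p, int) and 0 <= p <= 65535 for p in (lo, hi)):
            errors.append(f"{where}: ports must be integers in 0-65535")
        elif proto in ("TCP", "UDP") and lo > hi:  # assumption: ordered range for TCP/UDP
            errors.append(f"{where}: from_port is greater than to_port")
        cidr, src = rule.get("cidr_ip"), rule.get("source_security_group_id")
        if (cidr is None) == (src is None):
            errors.append(f"{where}: set exactly one of cidr_ip or source_security_group_id")
        elif cidr is not None:
            try:
                net = ipaddress.IPv4Network(cidr, strict=False)
            except ValueError:
                errors.append(f"{where}: cidr_ip is not a valid IPv4 CIDR block")
            else:
                if net.prefixlen == 0 and direction == "ingress":
                    warnings.append(f"{where}: ingress open to 0.0.0.0/0")
        elif not SG_ID.match(str(src)):
            errors.append(f"{where}: source_security_group_id is not sg-<hex>")
    return errors, warnings

# Constructed sample: the page's two database rules plus one deliberately bad rule.
SAMPLE = {"description": "Allow Postgres from app pods", "rules": [
    {"direction": "ingress", "protocol": "TCP", "from_port": 5432, "to_port": 5432,
     "source_security_group_id": "sg-0123456789abcdef0"},
    {"direction": "egress", "protocol": "TCP", "from_port": 0, "to_port": 0,
     "cidr_ip": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "from_port": 5432, "to_port": 5432,
     "cidr_ip": "0.0.0.0/0"},
]}

if __name__ == "__main__":
    for line in sum(lint_security_group(SAMPLE), []):
        print(line)
```

Errors are violations of the documented field constraints; warnings are rules that are valid but worth a second look in review.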