Multi-tenancy/IAM

Hello,
is it planned to have some sort of multi tenancy and IAM integration for zeebe in the future?

Hi @Vad1mo!

There are no plans for multi-tenancy. As for IAM integration, from what I remember (it’s been a while since I did anything on AWS), this is something that can be configured using VPC rules and instance profiles (I imagine there’s something similar for containers?).

On the other hand, we support OAuth2 flow out of the box since 0.21.0-alpha2; you can then use AWS Cognito/IAM combination to set up a user pool and use OAuth2 token flow. There is no documentation for it yet but it should be available in the next few weeks. You can refer to ZeebeOAuthCredentialsProvider and its sibling builder class on how to configure it. As for how to set up Cognito, AWS published a blog post related to it: https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/

If you have any other issues, when I have some time I can see and try to dig a bit deeper into it, I think it’d be a nice showcase to have anyway.
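To make the OAuth2 token flow mentioned above concrete, here is an added Python sketch (not the Zeebe client's own code) of what a credentials provider does against a Cognito user pool: a client_credentials request that sends the app client id/secret as HTTP Basic credentials, and a token cache that refreshes shortly before expiry instead of on every gateway call. The domain prefix, region, scope, token values and the `authorization` metadata key are assumptions constructed for this example.

```python
import base64
import time
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlencode

# Assumed Cognito user pool settings (constructed for this example).
COGNITO_DOMAIN_PREFIX = "example-pool"
AWS_REGION = "eu-west-1"
REFRESH_MARGIN_SECONDS = 30  # refresh this long before the token expires


def cognito_token_endpoint(domain_prefix: str, region: str) -> str:
    """Token endpoint of a Cognito user pool that has a hosted domain."""
    return f"https://{domain_prefix}.auth.{region}.amazoncognito.com/oauth2/token"


def build_client_credentials_request(client_id: str, client_secret: str,
                                     scope: Optional[str] = None) -> Tuple[Dict[str, str], str]:
    """Headers and form body for the OAuth2 client_credentials grant.
    Cognito authenticates the app client via HTTP Basic (id:secret), so the
    secret never appears in the form body or the URL."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    params = {"grant_type": "client_credentials"}
    if scope:
        params["scope"] = scope
    return headers, urlencode(params)


class TokenCache:
    """Caches the access token and re-fetches it before expiry; `fetch` is a
    callable returning the token endpoint's JSON response as a dict."""

    def __init__(self, fetch: Callable[[], dict], margin: int = REFRESH_MARGIN_SECONDS):
        self._fetch, self._margin = fetch, margin
        self._token: Optional[str] = None
        self._expires_at = 0.0
        self.fetch_count = 0  # exposed so callers can verify caching behaviour

    def bearer(self, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires_at - self._margin:
            response = self._fetch()
            self._token = response["access_token"]
            self._expires_at = now + int(response["expires_in"])
            self.fetch_count += 1
        return f"Bearer {self._token}"


def gateway_metadata(cache: TokenCache, now: Optional[float] = None):
    """gRPC metadata pair attached to each gateway call (assumed key name)."""
    return [("authorization", cache.bearer(now))]
```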

Thank you @npepinpe for your answer.
Maybe I should have been more precise when mentioning multi-tenancy.

I am more looking for this sort of expected behavior:

  1. A user is able to log in with username/password.
  2. A user can only see his own workflows.
  3. A user can grant permissions to other users to CRUD the workflow.

I suspect 0.21.0-alpha2 fulfills requirement No. 1?

There are no apps in Zeebe. There are deployed bpmn workflows and running workflow instances. When you say “app”, what do you mean?

I mean workflow, sorry for the wrong terminology.

Multi-tenancy is a concern outside the broker. You have to roll this yourself with multiple clusters. It is built into Camunda Cloud: https://zeebe.io/cloud/