Features · AWS
Ten AWS probes. IRSA-first auth.
RDS, EBS, EKS, IAM, ALB, ACM, KMS, S3, VPC — probed with the workload-identity your cluster already uses.
Deep dive in progress
CHA's AWS probes use IRSA (IAM Roles for Service Accounts) — the same workload-identity auth your EKS cluster already uses for application workloads. No long-lived AWS credentials in CHA. Same IAM, same audit trail. Read-only by design in M1; cloud-mutation envelope is M4 with separate approval gates.