Skip to main content
Version: 1.31

Okteto BYOC on AWS

Okteto's Bring Your Own Cloud (BYOC) model allows you to run the Okteto Platform in your own AWS account while still benefiting from a fully managed experience. This guide walks you through the steps to set up your AWS environment so Okteto can securely install and manage the platform.

Installation Requirements

Before you start, ensure the following:

  • The AWS CLI is installed and configured (version 2.15 or later)
  • You have access to an empty AWS account dedicated to Okteto BYOC

Step 1: Get the AWS IAM Role Assumption External ID

Contact your Okteto sales representative to obtain your unique AWS IAM Role Assumption External ID. This is required to securely allow Okteto to assume a role in your AWS account.

Step 2: Create the IAM Role

Create a file named trust-policy.json with the following content or download it from here:

trust-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "111122223333"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "REPLACEME"
                }
            }
        }
    ]
}

Replace REPLACEME with the External ID provided by Okteto.

Then, create the IAM role using the trust policy we just created with the AWS CLI:

aws iam create-role \
  --role-name okteto-byoc-integration \
  --assume-role-policy-document file://trust-policy.json

Step 3: Attach the Necessary Policies

Attach the necessary policy to give Okteto access to manage infrastructure:

aws iam attach-role-policy \
  --role-name okteto-byoc-integration \
  --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

Step 4: Share the Role ARN With Your Okteto Representative

Finally, provide the IAM Role ARN to your Okteto technical representative. They’ll complete the setup and guide you through connecting your cluster to Okteto.

✅ What Happens Next

Once you've shared the IAM Role ARN with your Okteto sales representative, we'll take it from here.

Our team will:

  • Install Okteto into your AWS environment
  • Ensure the platform is configured and ready for your team to use

You’ll be notified once installation is complete and receive onboarding support to help your team start developing with Okteto.

Welcome to Okteto BYOC — we’re excited to have you on board!