
IAM roles

Kubernetes uses configuration to identify every pod on the cluster. We use service accounts to bind IAM roles to the pods.

IAM roles for Service Accounts (IRSA)

With k8s we can configure a deployment to specify which service account each pod will assume. Each service account can be associated with an IAM role that allows a pod to use some AWS services.
To create a service account named my-service-account, associated with a new role named k8s-staging-pod with the S3 full access policy attached, use the following command:
eksctl create iamserviceaccount --name my-service-account --namespace default --cluster staging --role-name "k8s-staging-pod" --attach-policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --approve
You can modify this IAM role to associate other policies using the AWS console or command SDK.
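
The association created above has two halves: an `eks.amazonaws.com/role-arn` annotation on the service account and a web-identity trust policy on the role. The Python check below is an added example, not part of the original page or of eksctl; it goes one step beyond the command and audits that the role's trust policy is pinned to exactly this service account. The account ID, region, OIDC provider ID and function names are constructed placeholders.

```python
# Constructed sample data: account ID, region and OIDC provider ID are placeholders.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID"
ROLE_ARN = "arn:aws:iam::111122223333:role/k8s-staging-pod"
SERVICE_ACCOUNT = {
    "kind": "ServiceAccount",
    "metadata": {"name": "my-service-account", "namespace": "default",
                 "annotations": {"eks.amazonaws.com/role-arn": ROLE_ARN}},
}

def trust_policy(sub, operator="StringEquals"):
    """Build a role trust policy of the shape IRSA relies on (hypothetical helper)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {operator: {f"{OIDC}:sub": sub,
                                 f"{OIDC}:aud": "sts.amazonaws.com"}},
    }]}

def audit_irsa(sa, role_arn, policy):
    """Return a list of findings for one service account / IAM role pair."""
    findings = []
    meta = sa["metadata"]
    if meta.get("annotations", {}).get("eks.amazonaws.com/role-arn") != role_arn:
        findings.append("annotation does not reference this role")
    expected = f"system:serviceaccount:{meta['namespace']}:{meta['name']}"
    for stmt in policy["Statement"]:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        # Collect every condition on the token subject, with its operator.
        subs = [(op, val) for op, keys in stmt.get("Condition", {}).items()
                for key, val in keys.items() if key.endswith(":sub")]
        if not subs:
            findings.append("no sub condition: any service account in the cluster can assume the role")
        for op, val in subs:
            if "Like" in op and any(c in str(val) for c in "*?"):
                findings.append(f"wildcard sub ({op}: {val})")
            elif val != expected:
                findings.append(f"sub {val} does not match {expected}")
    return findings

if __name__ == "__main__":
    good = trust_policy("system:serviceaccount:default:my-service-account")
    loose = trust_policy("system:serviceaccount:*:*", operator="StringLike")
    print(audit_irsa(SERVICE_ACCOUNT, ROLE_ARN, good))   # no findings
    print(audit_irsa(SERVICE_ACCOUNT, ROLE_ARN, loose))  # wildcard finding
```

In practice the two inputs would come from `kubectl get serviceaccount my-service-account -o json` and the role's trust policy document as shown in the IAM console.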

