Difference between revisions of "IAM Roles for Service Accounts (IRSA) in EKS"
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[IAM Roles]] for [[Service Accounts]] | [[IAM Roles]] for [[Service Accounts]] | ||
+ | * https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html | ||
+ | |||
+ | |||
+ | |||
+ | Requirements: | ||
+ | * [[EKS OIDC]] configured | ||
== Activities == | == Activities == | ||
* Sep 2019 Read about IRSA for [[EKS]]: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/ | * Sep 2019 Read about IRSA for [[EKS]]: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/ | ||
* [[How do I troubleshoot IRSA errors in Amazon EKS?]] https://repost.aws/knowledge-center/eks-troubleshoot-irsa-errors | * [[How do I troubleshoot IRSA errors in Amazon EKS?]] https://repost.aws/knowledge-center/eks-troubleshoot-irsa-errors | ||
+ | * https://www.eksworkshop.com/docs/security/iam-roles-for-service-accounts/add_irsa | ||
+ | * [[Configuring a Kubernetes service account to assume an IAM role]] | ||
+ | * [[How Amazon EKS works with IAM]] | ||
+ | * [[Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts]] | ||
== Related == | == Related == | ||
+ | * [[IAM OIDC]] | ||
* <code>[[enable_irsa]]</code> in [[AWS EKS Terraform module]] | * <code>[[enable_irsa]]</code> in [[AWS EKS Terraform module]] | ||
* [[Terraform module: ebs_csi_irsa_role]] | * [[Terraform module: ebs_csi_irsa_role]] | ||
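Review bot: the three empty added lines between the docs URL and "Requirements:" only add vertical whitespace; one blank line is enough. "Requirements:" is also added as plain text, while the other sections in this hunk use == heading == markup (== Activities ==, == Related ==); writing it as == Requirements == would keep the page consistent and give the section its own anchor.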
Line 12: | Line 23: | ||
* [[Service Accounts]]: [[Kubernetes service accounts]] | * [[Service Accounts]]: [[Kubernetes service accounts]] | ||
* [[AWS Roles]] | * [[AWS Roles]] | ||
− | * [[service_account_role_arn]] | + | * <code>[[service_account_role_arn]]</code> |
− | * [[aws iam list-open-id-connect-providers]] | + | * <code>[[aws iam list-open-id-connect-providers]]</code> |
== See also == | == See also == | ||
* {{IRSA}} | * {{IRSA}} | ||
* {{ACK}} | * {{ACK}} | ||
+ | * {{OIDC}} | ||
* {{IAM}} | * {{IAM}} | ||
[[Category:IAM]] | [[Category:IAM]] |
Latest revision as of 09:36, 2 February 2024
IAM Roles for Service Accounts
Requirements:
- EKS OIDC configured
Activities
- Sep 2019 Read about IRSA for EKS: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
- How do I troubleshoot IRSA errors in Amazon EKS? https://repost.aws/knowledge-center/eks-troubleshoot-irsa-errors
- https://www.eksworkshop.com/docs/security/iam-roles-for-service-accounts/add_irsa
- Configuring a Kubernetes service account to assume an IAM role
- How Amazon EKS works with IAM
- Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts
Related
- IAM OIDC
- enable_irsa in AWS EKS Terraform module
- Terraform module: ebs_csi_irsa_role
- karpenter_irsa
- podIdentityWebhook in kOps
- Service Accounts: Kubernetes service accounts
- AWS Roles
- service_account_role_arn
- aws iam list-open-id-connect-providers
See also
- EKS: IRSA, Module: ebs_csi_irsa_role, enable_irsa
- AWS Controllers for Kubernetes (ACK), IRSA
- OIDC, kubectl oidc-login, AWS IAM OIDC, EKS OIDC, EKS module, aws iam list-open-id-connect-providers | aws iam create-open-id-connect-provider | aws iam get-open-id-connect-provider, OIDC tokens, aws_lb_listener_rule
- IAM: AWS IAM Identity Center, AWS Identity and Access Management, Google Cloud IAM, Azure IAM, SailPoint, CyberArk, CIAM, ForgeRock, iam:ChangePassword, aws iam, AdministratorAccess, Context keys, IAM Access Analyzer, AWS policy, AWS managed policies, IAMUserChangePassword, AWS Roles, List of AWS policies, Resource-based policy, aws-iam-authenticator, IRSA, RDS Authentication, AccessDenied, AWS Authentication, AWS IAM external access analyzer