Difference between revisions of "IAM Roles for Service Accounts (IRSA) in EKS"
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[IAM Roles]] for [[Service Accounts]] | [[IAM Roles]] for [[Service Accounts]] | ||
* https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html | * https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html | ||
+ | |||
+ | |||
+ | |||
+ | Requirements: | ||
+ | * [[EKS OIDC]] configured | ||
== Activities == | == Activities == | ||
Line 8: | Line 13: | ||
* [[Configuring a Kubernetes service account to assume an IAM role]] | * [[Configuring a Kubernetes service account to assume an IAM role]] | ||
* [[How Amazon EKS works with IAM]] | * [[How Amazon EKS works with IAM]] | ||
+ | * [[Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts]] | ||
== Related == | == Related == |
Latest revision as of 09:36, 2 February 2024
IAM Roles for Service Accounts
Requirements:
- EKS OIDC configured
Activities
- Sep 2019 Read about IRSA for EKS: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
- How do I troubleshoot IRSA errors in Amazon EKS? https://repost.aws/knowledge-center/eks-troubleshoot-irsa-errors
- https://www.eksworkshop.com/docs/security/iam-roles-for-service-accounts/add_irsa
- Configuring a Kubernetes service account to assume an IAM role
- How Amazon EKS works with IAM
- Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts
Related
- IAM OIDC
- enable_irsa in AWS EKS Terraform module
- Terraform module: ebs_csi_irsa_role
- karpenter_irsa
- podIdentityWebhook in kOps
- Service Accounts: Kubernetes service accounts
- AWS Roles
- service_account_role_arn
- aws iam list-open-id-connect-providers
See also
- EKS: IRSA, Module: ebs_csi_irsa_role, enable_irsa
- AWS Controllers for Kubernetes (ACK), IRSA
- OIDC, kubectl oidc-login, AWS IAM OIDC, EKS OIDC, EKS module, aws iam list-open-id-connect-providers | aws iam create-open-id-connect-provider | aws iam get-open-id-connect-provider, OIDC tokens, aws_lb_listener_rule
- IAM: AWS IAM Identity Center, AWS Identity and Access Management, Google Cloud IAM, Azure IAM, SailPoint, CyberArk, CIAM, ForgeRock, iam:ChangePassword, aws iam, AdministratorAccess, Context keys, IAM Access Analyzer, AWS policy, AWS managed policies, IAMUserChangePassword, AWS Roles, List of AWS policies, Resource-based policy, aws-iam-authenticator, IRSA, RDS Authentication, AccessDenied, AWS Authentication, AWS IAM external access analyzer