IAM Roles for Service Accounts (IRSA) in EKS

IAM Roles for Service Accounts

• https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html

Requirements:

• EKS OIDC configured

Activities[edit]

• Sep 2019 Read about IRSA for EKS: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
• How do I troubleshoot IRSA errors in Amazon EKS? https://repost.aws/knowledge-center/eks-troubleshoot-irsa-errors
• https://www.eksworkshop.com/docs/security/iam-roles-for-service-accounts/add_irsa
• Configuring a Kubernetes service account to assume an IAM role
• How Amazon EKS works with IAM
• Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts

Related[edit]

• IAM OIDC
• enable_irsa in AWS EKS Terraform module
• Terraform module: ebs_csi_irsa_role
• karpenter_irsa
• podIdentityWebhook in kOps
• Service Accounts: Kubernetes service accounts
• AWS Roles
• service_account_role_arn
• aws iam list-open-id-connect-providers

See also[edit]

• EKS: IRSA, Module: ebs_csi_irsa_role, enable_irsa
• AWS Controllers for Kubernetes (ACK), IRSA
• OIDC, kubectl oidc-login, AWS IAM OIDC, EKS OIDC, EKS module, aws iam list-open-id-connect-providers | aws iam create-open-id-connect-provider | aws iam get-open-id-connect-provider, OIDC tokens, aws_lb_listener_rule
• IAM: AWS IAM Identity Center, AWS Identity and Access Management, Google Cloud IAM, Azure IAM, SailPoint, CyberArk, CIAM, ForgeRock, iam:ChangePassword, aws iam, AdministratorAccess, Context keys, IAM Access Analyzer, AWS policy, AWS managed policies, IAMUserChangePassword, AWS Roles, List of AWS policies, Resource-based policy, aws-iam-authenticator, IRSA, RDS Authentication, AccessDenied, AWS Authentication, AWS IAM external access analyzer