
EKS Pod Identities Explained: Managing AWS Credentials in Kubernetes Pods
- An AWS account.
- eksctl, used for communicating with the cluster API server.
- aws-iam-authenticator, with the necessary permissions to call the EKS API.
- An EKS cluster (v1.27). If you don't know how to set up an EKS cluster, click here.
Trust policy for the IAM role the pods will assume. The principal is the EKS Pod Identity service, and the role only needs the two STS actions below:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "pods.eks.amazonaws.com"
      },
      "Action": [
        "sts:AssumeRole",
        "sts:TagSession"
      ]
    }
  ]
}
```
Install the EKS Pod Identity Agent add-on on the cluster:

```shell
eksctl create addon --cluster EKS-pod-identity --name eks-pod-identity-agent --region us-east-1
```
Service account the test pod will run as:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    # Note: this annotation is the one IRSA reads; EKS Pod Identity maps the role
    # to the service account through a pod identity association, not this annotation.
    eks.amazonaws.com/role-arn: arn:aws:iam::<YOUR-ACCOUNTID>:role/EKS-Pod-Identitie
  name: pod-identitie-sa
  namespace: default
```
Test pod that uses the service account:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-identitie
spec:
  serviceAccountName: pod-identitie-sa
  containers:
  - command:
    - sleep
    - "3600"
    image: ubuntu
    name: ubuntu-identitie
```
Apply the manifest and open a shell in the pod:

```shell
kubectl apply -f FILENAME.yaml
kubectl exec -it ubuntu-identitie -- /bin/bash
```
Inside the pod, install the AWS CLI and test access by copying a file to S3 with the pod's credentials:

```shell
apt update && apt install unzip curl -y
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
./aws/install
aws s3 cp awscliv2.zip s3://fadyio-eks-pod-identity/
```
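Two offline checks that fit around the steps above, as an added example (not code from the original post): the first lints the trust policy shown earlier so that only the EKS Pod Identity service principal can assume the role and only with the two STS actions it needs; the second checks `aws sts get-caller-identity` output captured inside the pod against the role the pod is supposed to receive, which is a quicker first test than the S3 copy and also catches the case where a pod silently picked up the node's instance role instead. The role name `EKS-Pod-Identitie` comes from the post's ARN; the account id and session name are constructed placeholders, and `validate_pod_identity_trust_policy` / `verify_caller_identity` are names chosen here.

```python
"""Offline checks around an EKS Pod Identity setup (added example, not from the
original post).

- validate_pod_identity_trust_policy(): lint the IAM role's trust policy so only
  the EKS Pod Identity service principal (pods.eks.amazonaws.com) can assume the
  role, with exactly the two STS actions it needs.
- verify_caller_identity(): check `aws sts get-caller-identity` output captured
  inside the pod against the role the pod is supposed to get.

Only the standard library is used. The account id and session name below are
constructed placeholders; the role name EKS-Pod-Identitie is the one from the
post's ARN.
"""
import json
import re

POD_IDENTITY_PRINCIPAL = "pods.eks.amazonaws.com"
REQUIRED_ACTIONS = {"sts:AssumeRole", "sts:TagSession"}

# Assumed-role session ARN: arn:aws:sts::<account>:assumed-role/<role>/<session>
ASSUMED_ROLE_ARN = re.compile(r"^arn:aws:sts::(\d{12}):assumed-role/([^/]+)/([^/]+)$")

# The trust policy from the post, verbatim.
TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "pods.eks.amazonaws.com"},
        "Action": ["sts:AssumeRole", "sts:TagSession"],
    }],
})

# Constructed counter-example: any AWS principal may assume the role.
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["sts:AssumeRole", "sts:TagSession"],
    }],
})

# Constructed sample of `aws sts get-caller-identity` output from inside the pod.
SAMPLE_CALLER_IDENTITY = json.dumps({
    "UserId": "AROAEXAMPLEID:eks-EKS-pod-identity-ubuntu-identitie-constructed",
    "Account": "123456789012",
    "Arn": "arn:aws:sts::123456789012:assumed-role/EKS-Pod-Identitie/"
           "eks-EKS-pod-identity-ubuntu-identitie-constructed",
})


def _as_list(value):
    """IAM accepts a scalar or a list for Action/Principal fields; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def validate_pod_identity_trust_policy(policy_json: str) -> list:
    """Return a list of findings; an empty list means the policy is as expected."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    pod_identity_ok = False
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements widen who can assume the role
        principal = stmt.get("Principal", {})
        actions = set(_as_list(stmt.get("Action")))
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if principal == "*" or "*" in aws_principals:
            findings.append(f"statement {idx}: wildcard principal may assume the role")
            continue
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if POD_IDENTITY_PRINCIPAL not in services:
            findings.append(f"statement {idx}: trusts a principal other than "
                            f"{POD_IDENTITY_PRINCIPAL}: {principal}")
            continue
        if any("*" in a for a in actions):
            findings.append(f"statement {idx}: wildcard action in {sorted(actions)}")
        extra = actions - REQUIRED_ACTIONS
        if extra:
            findings.append(f"statement {idx}: actions beyond what Pod Identity needs: {sorted(extra)}")
        if REQUIRED_ACTIONS <= actions:
            pod_identity_ok = True
    if not pod_identity_ok:
        findings.append(f"no Allow statement grants {sorted(REQUIRED_ACTIONS)} to {POD_IDENTITY_PRINCIPAL}")
    return findings


def verify_caller_identity(caller_identity_json: str, expected_account: str, expected_role: str) -> bool:
    """True only if the pod's credentials are an assumed-role session of
    expected_role in expected_account. A different role name here (typically the
    node's instance role) means the pod reached the node credentials instead."""
    ident = json.loads(caller_identity_json)
    match = ASSUMED_ROLE_ARN.match(ident.get("Arn", ""))
    if not match:
        return False  # IAM user or root credentials, not a role session
    account, role, _session = match.groups()
    return account == expected_account == ident.get("Account") and role == expected_role


if __name__ == "__main__":
    print("post's trust policy findings:", validate_pod_identity_trust_policy(TRUST_POLICY))
    print("weak trust policy findings:", validate_pod_identity_trust_policy(WEAK_TRUST_POLICY))
    print("pod has the expected role:",
          verify_caller_identity(SAMPLE_CALLER_IDENTITY, "123456789012", "EKS-Pod-Identitie"))
```

In practice, run `aws sts get-caller-identity --output json` inside the pod right after installing the CLI and feed that output to `verify_caller_identity` with your own account id; if the role name that comes back is the node group's instance role rather than `EKS-Pod-Identitie`, the pod is getting credentials from the node's metadata endpoint rather than from the Pod Identity agent, and that is the first thing to fix.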