
How to optimize AWS services - applications connectivity with EKS Pod Identity
At every AWS re:Invent, new releases are awaited with high expectations. One of my highlights of re:Invent 2023 was the simplified application access to AWS services with EKS Pod Identity.
While kube2iam has been helpful in securing pod-level access to AWS resources, it has certain challenges:
While there are several alternatives available for managing IAM permissions in Kubernetes, EKS Pod Identity seeks to provide a robust and easy-to-use native solution for Amazon EKS users.
An AWS Service (S3 bucket): We shall create an S3 bucket, upload an image and later on access it.
An Application: As we know, applications are housed in containers, and containers reside in pods. These pods are managed by Kubernetes, so we need an EKS cluster.
IAM Permission: For Identity and Access management.
Next, we need the Pod Identity Agent, which will reside in the EKS cluster. We need to create a cluster; the default setting will suffice. At the add-ons stage, it is important to choose the Amazon EKS Pod Identity Agent as an extra add-on.
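aws eks create-pod-identity-association \
  --cluster-name <cluster-name> \
  --namespace <namespace> \
  --service-account <service-account-name> \
  --role-arn <role-arn>

aws eks create-addon \
  --cluster-name <cluster-name> \
  --addon-name eks-pod-identity-agent \
  --addon-version <addon-version>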
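
The IAM permission side of the setup above, as an added example that is not from the original article: a role that only the EKS Pod Identity service can assume, limited to reading objects from one bucket, then associated with a service account. The role, bucket, cluster, namespace, service-account and account-ID values are constructed placeholders, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. All names and the account ID passed at the bottom are
# constructed placeholders, not values from the article.
set -eu

# Trust policy: only the EKS Pod Identity service principal may assume the
# role. It needs sts:TagSession in addition to sts:AssumeRole.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "pods.eks.amazonaws.com" },
    "Action": ["sts:AssumeRole", "sts:TagSession"]
  }]
}
EOF
}

# Permission policy: read-only access to the objects of one bucket ($1).
s3_read_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::$1/*"
  }]
}
EOF
}

# Print each command by default; execute it only when APPLY=1.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Args: role bucket cluster namespace service-account account-id
setup_role() {
  run aws iam create-role --role-name "$1" \
    --assume-role-policy-document "$(trust_policy)"
  run aws iam put-role-policy --role-name "$1" --policy-name s3-read \
    --policy-document "$(s3_read_policy "$2")"
  run aws eks create-pod-identity-association --cluster-name "$3" \
    --namespace "$4" --service-account "$5" \
    --role-arn "arn:aws:iam::$6:role/$1"
}

setup_role demo-pod-role demo-image-bucket demo-cluster default demo-sa 111122223333
```

Scoping the policy to s3:GetObject on a single bucket means a compromised pod using that service account can read the uploaded image but cannot list, write to or delete from any bucket.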