EKS Pod — Service Account with IAM Role

Ripon Banik
Oct 29, 2020

Provide granular IAM permission to AWS Services

Overview

With the introduction of IAM permissions for Kubernetes service accounts in EKS, AWS provides fine-grained, pod-level access control when running clusters with multiple co-located services.

Previously, when running a Kubernetes cluster on AWS, you could only associate IAM roles to an EC2 node in the cluster, and every pod that ran on the node inherited the same IAM role. This made it hard to run pods with different access control requirements on the same set of nodes.

The IAM roles for service accounts feature is available on new Amazon EKS Kubernetes version 1.14 and later clusters.

IAM ROLE

The first step is to create an IAM role with a trust relationship and the permissions the pod needs.

Creating the trust relationship requires the cluster's OIDC provider URL. It is shown in the AWS Console under Amazon Container Services -> Clusters, on the cluster's details page.

Now create the IAM role from AWS -> IAM -> Roles.

Next, select the permissions for the role; here I attach the AWS managed policy ViewOnly.
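The following is an added example (not code from the original post) that generates the two artifacts the steps above describe: the trust policy document for the role, and the Kubernetes ServiceAccount that is annotated with the role ARN so pods using it receive the role's credentials. The account ID, OIDC provider URL, namespace, service account name and role name are all constructed placeholders. It also includes a small check that the trust policy pins the OIDC `sub` claim to one service account; a trust policy that only checks `aud` would let any service account in the cluster assume the role.

```python
"""
Build and check the pieces of an IAM-role-for-service-account setup:
the IAM trust policy that lets exactly one Kubernetes service account
assume the role, and the ServiceAccount manifest that points at the role.
Added example; every value below is a constructed placeholder.
"""
import json

# Constructed values: replace with your account ID and the OIDC provider URL
# shown on the EKS cluster details page (without the leading "https://").
ACCOUNT_ID = "111122223333"
OIDC_PROVIDER = "oidc.eks.ap-southeast-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
NAMESPACE = "default"
SERVICE_ACCOUNT = "viewer-sa"
ROLE_NAME = "eks-pod-viewonly"


def build_trust_policy(account_id, oidc_provider, namespace, service_account):
    """Trust policy scoped to a single service account via the OIDC 'sub' claim."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Federated": f"arn:aws:iam::{account_id}:oidc-provider/{oidc_provider}"
                },
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {
                    "StringEquals": {
                        f"{oidc_provider}:aud": "sts.amazonaws.com",
                        f"{oidc_provider}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                    }
                },
            }
        ],
    }


def trust_policy_is_scoped(policy, oidc_provider):
    """Return True only if every web-identity Allow statement pins the 'sub' claim.

    Heuristic check: a statement with no 'sub' condition, or one that matches
    'system:serviceaccount:*', would let any service account in the cluster
    assume the role, which defeats the per-pod isolation the feature provides.
    """
    sub_key = f"{oidc_provider}:sub"
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        cond = stmt.get("Condition", {})
        values = []
        for op in ("StringEquals", "StringLike"):
            v = cond.get(op, {}).get(sub_key)
            if v is not None:
                values.extend(v if isinstance(v, list) else [v])
        if not values or any(v.startswith("system:serviceaccount:*") for v in values):
            return False
    return True


def service_account_manifest(account_id, role_name, namespace, service_account):
    """Kubernetes ServiceAccount annotated with the IAM role pods may assume."""
    return {
        "apiVersion": "v1",
        "kind": "ServiceAccount",
        "metadata": {
            "name": service_account,
            "namespace": namespace,
            "annotations": {
                "eks.amazonaws.com/role-arn": f"arn:aws:iam::{account_id}:role/{role_name}"
            },
        },
    }


if __name__ == "__main__":
    policy = build_trust_policy(ACCOUNT_ID, OIDC_PROVIDER, NAMESPACE, SERVICE_ACCOUNT)
    print("trust policy scoped to one service account:", trust_policy_is_scoped(policy, OIDC_PROVIDER))
    # Save as trust.json and pass it to: aws iam create-role --assume-role-policy-document file://trust.json
    print(json.dumps(policy, indent=2))
    # JSON is valid input for kubectl apply -f
    print(json.dumps(service_account_manifest(ACCOUNT_ID, ROLE_NAME, NAMESPACE, SERVICE_ACCOUNT), indent=2))
```

The generated trust policy assumes the cluster's OIDC issuer has already been registered as an IAM identity provider in the account (IAM -> Identity providers, or `eksctl utils associate-iam-oidc-provider --cluster <name> --approve`); without that, the `Federated` principal ARN does not resolve. Pods only receive the role's credentials when their spec sets `serviceAccountName` to the annotated service account.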

Ripon Banik

A Cloud and DevSecOps Engineer and Consultant, passionate about simplification of technology and make it consumable. https://www.linkedin.com/in/riponbanik/