Associating AWS IAM Roles with Amazon EKS Service Accounts

Lab Steps

  • Logging in to the Amazon Web Services Console
  • Connecting to the Virtual Machine using EC2 Instance Connect
  • Reviewing Amazon EKS Resources Automatically Created
  • Installing Kubernetes Management Tools and Utilities
  • Associating IAM Roles with Kubernetes Service Accounts in Amazon EKS

Difficulty: Beginner
Time Limit: 1h 15m
Students: 17

Description

Amazon Elastic Kubernetes Service (EKS) is a service from Amazon that hosts a Kubernetes cluster in the AWS cloud. It's common for applications hosted in a Kubernetes cluster to require access to cloud resources outside of the cluster.

Amazon EKS supports using OpenID Connect (OIDC) to associate an AWS IAM role with a Kubernetes Service Account. This association allows you to securely grant access to cloud resources and manage these credentials.

In this hands-on laboratory, you will deploy an application that uses AWS cloud resources and observe it fail due to not having access. You will create a Service Account and configure it to be associated with an AWS IAM role. You will then configure the application to use the Service Account and observe it successfully accessing a cloud resource.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Inspect AWS IAM roles and Kubernetes Service Accounts
  • Create a new Service Account
  • Associate a Service Account with a Deployment and AWS IAM role

Intended Audience

  • Cloud Architects
  • DevOps Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • The kubectl utility
  • The Bash Shell
  • AWS IAM roles, policies, trust relationships, and federation

About the Author
Students: 34838
Labs: 86
Courses: 2
Learning paths: 2

Andrew is a Labs Developer with previous experience in the Internet Service Provider, audio streaming, and cryptocurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications, including Solutions Architect Associate and Professional.