hands-on lab

Associating AWS IAM Roles with Amazon EKS Service Accounts

Up to 1h 25m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


Amazon Elastic Kubernetes Service (EKS) is a service from Amazon that hosts a Kubernetes cluster in the AWS cloud. It's common for applications hosted in a Kubernetes cluster to require access to cloud resources outside of the cluster.

Amazon EKS supports using Open ID Connect (OIDC) to associate an AWS IAM role with a Kubernetes Service Account. This association allows you to securely grant access to cloud resources and manage these credentials.

In this hands-on laboratory, you will deploy an application that uses AWS cloud resources and observe it fail due to not having access. You will create a Service Account and configure it to be associated with an AWS IAM role. You will then configure the application to use the Service Account and observe it successfully accessing a cloud resource.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Inspect AWS IAM roles and Kubernetes Service Accounts
  • Create a new Service Account
  • Associate a Service Account with a Deployment and AWS IAM role

Intended Audience

  • Cloud Architects
  • DevOps Engineers


Familiarity with the following will be beneficial but is not required:

  • The kubectl utility
  • The Bash Shell
  • AWS IAM roles, policies, trust relationships, and federation

The following content can be used to fulfill the prerequisites:


December 5th, 2023 - Updated Kubernetes version

February 28th, 2023 - Updated to Kubernetes 1.24

About the author

Learning paths

Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications including Solutions Architect Associate and Professional.

Covered topics

Lab steps

Logging In to the Amazon Web Services Console
Connecting to the Virtual Machine using EC2 Instance Connect
Reviewing Amazon EKS Resources Automatically Created
Installing Kubernetes Management Tools and Utilities
Associating IAM Roles with Kubernetes Service Accounts in Amazon EKS