hands-on lab

Associating AWS IAM Roles with Amazon EKS Service Accounts

Beginner
1h 25m
Lab description

Amazon Elastic Kubernetes Service (EKS) is a service from Amazon that hosts a Kubernetes cluster in the AWS cloud. It's common for applications hosted in a Kubernetes cluster to require access to cloud resources outside of the cluster.

Amazon EKS supports using OpenID Connect (OIDC) to associate an AWS IAM role with a Kubernetes Service Account. This association allows you to securely grant access to cloud resources and manage these credentials.

In this hands-on laboratory, you will deploy an application that uses AWS cloud resources and observe it fail due to not having access. You will create a Service Account and configure it to be associated with an AWS IAM role. You will then configure the application to use the Service Account and observe it successfully accessing a cloud resource.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Inspect AWS IAM roles and Kubernetes Service Accounts
  • Create a new Service Account
  • Associate a Service Account with a Deployment and AWS IAM role

Intended Audience

  • Cloud Architects
  • DevOps Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • The kubectl utility
  • The Bash Shell
  • AWS IAM roles, policies, trust relationships, and federation

Updates

December 5th, 2023 - Updated Kubernetes version

February 28th, 2023 - Updated to Kubernetes 1.24

About the author

Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications including Solutions Architect Associate and Professional.

Lab steps
Logging In to the Amazon Web Services Console
Connecting to the Virtual Machine using EC2 Instance Connect
Reviewing Amazon EKS Resources Automatically Created
Installing Kubernetes Management Tools and Utilities
Associating IAM Roles with Kubernetes Service Accounts in Amazon EKS