PSKP
Reputation: 1365
Pod is using node group role instead of service account in aws eks
I am using a service account with a role assigned to it using OIDC. I opened shell in the pod and checked current role,
but my service is doing the same thing but it is using node role,
Versions of Java SDK
- aws-java-sdk-core:1.11.505
Upvotes: 4
Views: 1913
Answers (1)
gohm'c
Reputation: 15490
The containers in your pods must use an AWS SDK version that supports assuming an IAM role via an OIDC web identity token file.
Check if you meet the minimum requirement for boto3 is 1.9.220, for botocore is 1.12.200.
Upvotes: 3
Related Questions
- Is it possible to prevent a kubernetes pod on EKS from assuming the node's IAM role?
- eks iam roles for services account not working
- Cannot update EKS NodeGroup because of aws-auth ConfigMap issues
- How to make k8s Pod (generated by Jenkins) use Service account IAM role to access AWS resources
- AWS eks user gets error: You must be logged in to the server (Unauthorized)
- Attach IAM Role to Serviceaccount from a Pod in EKS
- Can't reach a pod from an eks node when using security group for pods
- AWS EKS "is not authorized to perform: iam:CreateServiceLinkedRole"
- Kubernetes service account role using OIDC
- EKS not able to authenticate to Kubernetes with Kubectl - "User: is not authorized to perform: sts:AssumeRole"