hands-on lab

Associating AWS IAM Roles with Amazon EKS Service Accounts

Difficulty: Beginner
Duration: Up to 1 hour and 25 minutes
Students: 1,357
Rating: 4.6/5
On average, students complete this lab in 1h

Description

Amazon Elastic Kubernetes Service (EKS) is a service from Amazon that hosts a Kubernetes cluster in the AWS cloud. It's common for applications hosted in a Kubernetes cluster to require access to cloud resources outside of the cluster.

Amazon EKS supports using OpenID Connect (OIDC) to associate an AWS IAM role with a Kubernetes Service Account. This association allows you to securely grant access to cloud resources and manage these credentials.

In this hands-on laboratory, you will deploy an application that uses AWS cloud resources and observe it fail due to not having access. You will create a Service Account and configure it to be associated with an AWS IAM role. You will then configure the application to use the Service Account and observe it successfully accessing a cloud resource.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Inspect AWS IAM roles and Kubernetes Service Accounts
  • Create a new Service Account
  • Associate a Service Account with a Deployment and AWS IAM role

Intended Audience

  • Cloud Architects
  • DevOps Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • The kubectl utility
  • The Bash Shell
  • AWS IAM roles, policies, trust relationships, and federation

Updates

October 11th, 2024 - Updated Kubernetes version

December 5th, 2023 - Updated Kubernetes version

February 28th, 2023 - Updated to Kubernetes 1.24

Lab steps

  1. Logging In to the Amazon Web Services Console
  2. Connecting to the Virtual Machine using EC2 Instance Connect
  3. Reviewing Amazon EKS Resources Automatically Created
  4. Installing Kubernetes Management Tools and Utilities
  5. Associating IAM Roles with Kubernetes Service Accounts in Amazon EKS