Associating AWS IAM Roles with Amazon EKS Service Accounts

Amazon Elastic Kubernetes Service (EKS) is a service from Amazon that hosts a Kubernetes cluster in the AWS cloud. It's common for applications hosted in a Kubernetes cluster to require access to cloud resources outside of the cluster.

Amazon EKS supports using Open ID Connect (OIDC) to associate an AWS IAM role with a Kubernetes Service Account. This association allows you to securely grant access to cloud resources and manage these credentials.

In this hands-on laboratory, you will deploy an application that uses AWS cloud resources and observe it fail due to not having access. You will create a Service Account and configure it to be associated with an AWS IAM role. You will then configure the application to use the Service Account and observe it successfully accessing a cloud resource.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

• Inspect AWS IAM roles and Kubernetes Service Accounts
• Create a new Service Account
• Associate a Service Account with a Deployment and AWS IAM role

Intended Audience

• Cloud Architects
• DevOps Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• The kubectl utility
• The Bash Shell
• AWS IAM roles, policies, trust relationships, and federation

The following content can be used to fulfill the prerequisites:

• Kubernetes Patterns for Application Developers
• Linux Command Line Byte Session
• AWS: Overview of AWS Identity & Access Management (IAM)

Updates

October 11th, 2024 - Updated Kubernetes version

December 5th, 2023 - Updated Kubernetes version

February 28th, 2023 - Updated to Kubernetes 1.24