Need Support for IRSA on AWS #462
Labels
Comments
kartik-moolya
added
bug
mergify bot
pushed a commit
that referenced
this issue
Mar 17, 2021
##### ISSUE TYPE <!--- Pick one below and delete the rest: --> - Feature Pull Request ##### SUMMARY <!--- Describe the change, including rationale and design decisions --> Capability to fetch AWS credentials from the EKS OIDC provider <!--- If you are fixing an existing issue, please include "Fixes #nnn" in your PR comment; and describe briefly what the change does. --> <!--- Please list dependencies added with your change also --> Fixes #462
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently the AWS signing works only when the request goes through EC2 metadata endpoint. We need to be able to auth using the Webhookidentity auth provided by AWS
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
Describe the solution you'd like
Allow creating AWS session object using the webhook identity
Describe alternatives you've considered
Using KIAM or directly the EC2 instance is the only option which cuts down the principle of "least access"
Additional context
This could help us cutting down the dependency on Kiam and rather use native AWS provided kubernetes JWT signing
The text was updated successfully, but these errors were encountered: