Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add possibiblity to use AWS IAM roles for service accounts #137

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat: add possibiblity to use AWS IAM roles for service accounts #137

wants to merge 5 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Jul 6, 2022

what

  • To allow usage of AWS IRSA the assume role policy of the created IAM role needs to be adapted, therefore an additional (and optional) statement for the sts:AssumeRoleWithWebIdentity action was added
  • To decouple sts:AssumeRole for the Service and the AWS principal types all statements have been split into separate blocks

why

  • To allow usage of AWS IAM roles inside of EKS AWS
  • more secure than handling AWS access keys and secrets

references

@ghost ghost requested review from a team as code owners July 6, 2022 13:09
@ghost ghost requested review from jhosteny and florian0410 July 6, 2022 13:09
@msvechla
Copy link

msvechla commented May 3, 2023

Is there an update on this @goruha, can we get this merged?

@mohramadan911
Copy link

looks promising we are waiting to use this feature in our labs as well , +1 for any merging updates ?

@hans-d hans-d added stale This PR has gone stale wip Work in Progress: Not ready for final review or merge and removed wip Work in Progress: Not ready for final review or merge labels Mar 8, 2024
@mergify Mergify
Copy link

mergify bot commented Mar 9, 2024

Thanks @davidsomebody for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

Tip

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

@mergify mergify bot added triage Needs triage and removed stale This PR has gone stale labels Mar 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhosteny jhosteny Awaiting requested review from jhosteny jhosteny is a code owner automatically assigned from cloudposse/contributors

@florian0410 florian0410 Awaiting requested review from florian0410 florian0410 is a code owner automatically assigned from cloudposse/contributors

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
triage Needs triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@msvechla @mohramadan911 @hans-d @cloudpossebot @goruha @Gowiem