Specifying an IAM Role for Service Account

Specifying an IAM Role for your Service Account

In the previous step, we created the IAM role that associated with a service account named iam-test in the cluster and this has already been done for you with the service account you specified when creating the role.

  • Be sure your service account iam-test is exist
kubectl get sa
NAME SECRETS AGE
default 1 85m
iam-test 1 44m
  • Make sure your service account with the ARN of the IAM role is annotated
kubectl describe sa iam-test

Name: iam-test
Namespace: default
Labels:
Annotations: eks.amazonaws.com/role-arn: arn:aws:iam::14xxxxxxxx84:role/eksctl-eksworkshop-eksctl-addon-iamserviceac-Role1-1PJ5Q3H39Z5M9
Image pull secrets:
Mountable secrets: iam-test-token-5n9cb
Tokens: iam-test-token-5n9cb
Events: