Skip to content

feat: add possibiblity to use AWS IAM roles for service accounts #137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 0 commits into from
Aug 11, 2025
Merged

feat: add possibiblity to use AWS IAM roles for service accounts #137

merged 0 commits into from
Aug 11, 2025

Conversation

ghost
Copy link

@ghost ghost commented Jul 6, 2022

what

  • To allow usage of AWS IRSA the assume role policy of the created IAM role needs to be adapted, therefore an additional (and optional) statement for the sts:AssumeRoleWithWebIdentity action was added
  • To decouple sts:AssumeRole for the Service and the AWS principal types all statements have been split into separate blocks

why

  • To allow usage of AWS IAM roles inside of EKS AWS
  • more secure than handling AWS access keys and secrets

references

@ghost ghost requested review from a team as code owners July 6, 2022 13:09
@ghost ghost requested review from jhosteny and florian0410 July 6, 2022 13:09
@msvechla
Copy link

msvechla commented May 3, 2023

Is there an update on this @goruha, can we get this merged?

@mohramadan911
Copy link

looks promising we are waiting to use this feature in our labs as well , +1 for any merging updates ?

@hans-d hans-d added stale This PR has gone stale wip Work in Progress: Not ready for final review or merge and removed wip Work in Progress: Not ready for final review or merge labels Mar 8, 2024
@mergify Mergify
Copy link

mergify bot commented Mar 9, 2024

Thanks @davidsomebody for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

Tip

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

@mergify mergify bot added triage Needs triage and removed stale This PR has gone stale labels Mar 15, 2024
@goruha goruha changed the base branch from main to add-irsa August 10, 2025 19:27
@mergify Mergify
Copy link

mergify bot commented Aug 10, 2025

💥 This pull request now has conflicts. Could you fix it @ghost? 🙏

@mergify mergify bot added the conflict This PR has conflicts label Aug 10, 2025
@goruha goruha merged commit 7056f75 into cloudposse:add-irsa Aug 11, 2025
1 check passed
@mergify mergify bot removed conflict This PR has conflicts triage Needs triage labels Aug 11, 2025
@goruha goruha mentioned this pull request Aug 11, 2025
Open
@mergify Mergify
Copy link

mergify bot commented Aug 11, 2025

⚠️ The sha of the head commit of this PR conflicts with #209. Mergify cannot evaluate rules on this PR. ⚠️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhosteny jhosteny Awaiting requested review from jhosteny jhosteny was automatically assigned from cloudposse/contributors

@florian0410 florian0410 Awaiting requested review from florian0410 florian0410 was automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@msvechla @mohramadan911 @hans-d @goruha