
port #137 - feat: add possibility to use AWS IAM roles for service accounts #209


Open
wants to merge 7 commits into
base: main

goruha
Member

@goruha goruha commented Aug 11, 2025

Port of #137

what

  • To allow usage of AWS IRSA, the assume role policy of the created IAM role needs to be adapted; therefore, an additional (and optional) statement for the sts:AssumeRoleWithWebIdentity action was added
  • To decouple sts:AssumeRole for the Service and the AWS principal types, all statements have been split into separate blocks

why

  • To allow usage of AWS IAM roles inside of EKS AWS
  • More secure than handling AWS access keys and secrets

references

@goruha goruha requested review from a team as code owners August 11, 2025 13:49
@goruha goruha requested review from hans-d and kevcube August 11, 2025 13:49
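
A check a reviewer could run against the rendered trust policy of a role built this way. This is an added example, not code from this PR or the module: the policy below is constructed (placeholder account ID, OIDC provider ID, service principal and service account), and `audit_trust_policy` is a hypothetical helper. It verifies that each statement carries a single principal type and that the `sts:AssumeRoleWithWebIdentity` statement is pinned to an exact service account (`sub`) and to the STS audience (`aud`).

```python
# Constructed sample: placeholder account, OIDC provider ID and service account.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000000000"
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "ec2.amazonaws.com"}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"}},
        {"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
         "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
         "Condition": {"StringEquals": {
             f"{OIDC}:sub": "system:serviceaccount:apps:reader",
             f"{OIDC}:aud": "sts.amazonaws.com"}}},
    ],
}

def _as_list(value):
    """IAM allows a scalar where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for an IAM role trust policy (empty list = clean)."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # the "*" shorthand
            principal = {"AWS": principal}
        if len(principal) > 1:  # Service/AWS/Federated should be separate blocks
            findings.append(f"statement {i}: mixes principal types {sorted(principal)}")
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        federated = _as_list(principal.get("Federated", []))
        if not federated:
            findings.append(f"statement {i}: web identity without a Federated principal")
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        for arn in federated:
            provider = arn.split(":oidc-provider/", 1)[-1]
            # Strict check: only an exact-match sub counts, StringLike does not.
            if not _as_list(equals.get(f"{provider}:sub", [])):
                findings.append(f"statement {i}: no exact {provider}:sub condition")
            if "sts.amazonaws.com" not in _as_list(equals.get(f"{provider}:aud", [])):
                findings.append(f"statement {i}: no {provider}:aud condition")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(TRUST_POLICY) or "trust policy OK")
```
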

mergify bot commented Aug 11, 2025

💥 This pull request now has conflicts. Could you fix it @goruha? 🙏

@mergify mergify bot added the conflict (This PR has conflicts) and triage (Needs triage) labels Aug 11, 2025
@goruha
Member Author

goruha commented Aug 11, 2025

/terratest

@mergify mergify bot removed the conflict (This PR has conflicts) label Aug 11, 2025
@oycyc
Contributor

oycyc commented Aug 11, 2025

/terratest

@mergify mergify bot removed the triage (Needs triage) label Aug 11, 2025