[AWS-EFS][IAM] AWS EFS CSI instructions say to use a service account w/ IAM role association, but is it possible with KIAM instead?

• amazon-eks-pod-identity-webhook

  8 581 6.8 Go

  Amazon EKS Pod Identity Webhook

  

The Amazon EKS Pod Identity Webhook on the cluster watches for pods that are associated with service accounts with this special annotation & injects Web Identity Token credentials into the pod as environment variables (technical details here).

• aws-efs-csi-driver

  11 683 8.5 Go

  CSI Driver for Amazon EFS https://aws.amazon.com/efs/

  

So when the EFS controller pod initializes, it fetches for AWS credentials via the AWS SDK (in this case, the aws-efs-csi-driver is using aws-sdk-go). AWS SDKs implements a mechanism for obtaining credentials called the AWS credentials provider chain, which looks for credentials in this order:

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• aws-sdk-go

  34 8,549 9.4 Go

  AWS SDK for the Go programming language.

  

So when the EFS controller pod initializes, it fetches for AWS credentials via the AWS SDK (in this case, the aws-efs-csi-driver is using aws-sdk-go). AWS SDKs implements a mechanism for obtaining credentials called the AWS credentials provider chain, which looks for credentials in this order:

• kiam

  5 1,144 3.9 Go

  Discontinued Integrate AWS IAM with Kubernetes

  

How Kiam provides a pod with the AWS role credentials is by intercepting API calls to the metadata service (technical details here & here).

Suggest a related project