Difference between revisions of "Configuring a Kubernetes service account to assume an IAM role"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
| + | |||
| + | |||
| + | |||
| + | cat >trust-relationship.json <<EOF | ||
| + | { | ||
| + | "Version": "2012-10-17", | ||
| + | "Statement": [ | ||
| + | { | ||
| + | "Effect": "Allow", | ||
| + | "Principal": { | ||
| + | "Federated": "arn:aws:iam::$account_id:[[oidc-provider/]]$oidc_provider" | ||
| + | }, | ||
| + | "Action": "[[sts:AssumeRoleWithWebIdentity]]", | ||
| + | "Condition": { | ||
| + | "StringEquals": { | ||
| + | "$oidc_provider:aud": "[[sts.amazonaws.com]]", | ||
| + | "$oidc_provider:sub": "system:serviceaccount:$namespace:$service_account" | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | ] | ||
| + | } | ||
| + | EOF | ||
== See also == | == See also == | ||
Revision as of 11:33, 24 October 2023
cat >trust-relationship.json <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::$account_id:oidc-provider/$oidc_provider"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"$oidc_provider:aud": "sts.amazonaws.com",
"$oidc_provider:sub": "system:serviceaccount:$namespace:$service_account"
}
}
}
]
}
EOF
See also
Advertising:
