Switch to go.mod and update the aws-sdk
edify42 opened this issue · 2 comments
Hey @cmattoon -
The current version of the code uses an outdated aws-sdk which doesn't support the AssumeRoleWithWebIdentity IAM call. The architecture also depends on the node running the container having access to the secrets.
I'm using your container on EKS with the OIDC identity stuff enabled, which allows pods to assume roles in AWS; thus I can limit the permissions I need to set on a node.
I updated that with some other packages as well as the dependency system you were using beforehand 😊
I think I'm also using a newer version of golang but that's not as important.
I'll write up the PR for this shortly.
FYI, this is a good article explaining the new permission model: https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/