using fine grained service account IAM roles in EKS

Question

using fine grained service account IAM roles in EKS

Closed this issue 3 years ago · 1 comments

Hi,
I'm using service account iam roles in amazon EKS, but I'm not able to get logstash s3 working using an IAM role.

I can see the environment variables in the pod:

AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
AWS_ROLE_ARN: arn:aws:iam::0123456789:role/logstash-cloudfront

The input config:

input {
      s3 {
        role_arn => "${AWS_ROLE_ARN}"
        bucket => "logs-cloudfront"
        prefix => "staging"
        region => "us-west-1"
      }
}

Is there anyway for the plugin to read the identity toke file?
Thanks in advance

Answer 1 · 2020-11-11T05:35:27.000Z

Any updates?