Issue Assuming Role on EKS
Closed this issue · 3 comments
andrew-aiken commented
When using service account annotations the pod can assume the role with a web identity. Running aws cli commands returns the correct role.
Issue
But when using the raws it will run the commands using the role on the node itself.
Code
On the service account attached to the pod
metadata:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/k8s-XXXX-role
Work Around
The entrypoint runs a bash script that has the role assume itself & exports the creds to environment variables that raws can use.
DyfanJones commented
Hi @andrew-aiken does pr #559 help to resolve this issue?
andrew-aiken commented
Looks like it does!
Thx
DyfanJones commented
@andrew-aiken just for update paws.common 0.5.2 has been released on the cran, resolving this issue :)