Posted On: May 8, 2024
Today, Amazon EKS introduces EKS Pod Identity, a new feature that simplifies how cluster administrators can configure Kubernetes applications to obtain Amazon Identity and Access Management (IAM) permissions. These permissions can now be configured in fewer steps directly through the EKS console, APIs, and CLI. EKS Pod Identity makes it easy to use an IAM role across multiple clusters and simplifies policy management by enabling the reuse of permission policies across IAM roles.
EKS Pod Identity offers cluster administrators a simplified workflow for authenticating applications to resources such as Amazon S3 buckets, Amazon DynamoDB tables, and more. As a result, cluster administrators need not switch between the EKS and IAM services, or execute privileged IAM operations, to configure the permissions their applications require. IAM roles can now be used across multiple clusters without the need to update the role trust policy when creating new clusters. IAM credentials supplied by EKS Pod Identity support role session tags, with attributes such as cluster name, namespace, and service account name. Role session tags enable administrators to author a single permission policy that works across roles by allowing access to resources based on matching tags.
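The following is an added example, not part of the original announcement or AWS's own code. It builds a cluster-independent trust policy and one tag-based permission policy, then shows locally how the namespace session tag scopes access. The bucket name, sample tag values, and the `resolve`/`allowed` helpers are assumptions; the helpers only illustrate variable substitution and are not IAM's evaluation engine.

```python
import fnmatch
import json

# Trust policy for a role used with EKS Pod Identity: one service principal and
# no per-cluster entry, so a new cluster needs no trust policy update.
# Principal name as in the EKS Pod Identity documentation; confirm it for your partition.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "pods.eks.amazonaws.com"},
        "Action": ["sts:AssumeRole", "sts:TagSession"],  # TagSession carries the tags
    }],
}

NS_TAG = "kubernetes-namespace"  # one of the session tag keys EKS Pod Identity sets

# One permission policy reusable across roles: each pod reaches only the S3
# prefix named after its own namespace. "example-bucket" is a placeholder.
RESOURCE = "arn:aws-cn:s3:::example-bucket/${aws:PrincipalTag/%s}/*" % NS_TAG
PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": RESOURCE,
    }],
}

def resolve(resource, session_tags):
    """Substitute ${aws:PrincipalTag/<key>} variables from the session tags."""
    for key, value in session_tags.items():
        resource = resource.replace("${aws:PrincipalTag/%s}" % key, value)
    return resource

def allowed(object_arn, session_tags):
    """Local illustration only: does the ARN match the resolved Resource?"""
    pattern = resolve(RESOURCE, session_tags)
    if "${" in pattern:  # required tag missing from the session: no match
        return False
    return fnmatch.fnmatchcase(object_arn, pattern)

if __name__ == "__main__":
    print(json.dumps(TRUST_POLICY, indent=2))
    print(json.dumps(PERMISSION_POLICY, indent=2))
```

When reviewing such a policy, check that every statement relying on a principal tag fails closed when the tag is absent, as `allowed` does here.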
EKS Pod Identity is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, as well as the Amazon Web Services China (Ningxia) Region, operated by NWCD. To get started, visit the EKS documentation.