I have an EKS cluster hosted in eu-west-3. This cluster has the Amazon EKS Pod Identity Agent plug-in installed, and a Pod Identity association created with a role that gives access to, between other things, Secrets Manager.

I have launched a pod in the cluster that runs sleep infinity for debugging and when trying to run kubectl exec -it POD_NAME -- aws sts get-caller-identity I get the following error:

Unsupported host ''.  Can only retrieve metadata from these hosts:, localhost,

From what I know, the instance metadata is supposed to be for EC2 instances and for ECS, but here it's trying to connect to which is the EKS Pod Identity Agent.

What am I doing wrong ? Have I misconfigured something ? Why is my pod unable to get its identity and access the metadata service ?

I have managed to get it working using a different service account than the default one, by following this link

This one isn't clear enough in my opinion and it didn't work when I used the default service account in the default namespace. Maybe it would work with a different service account ?

