I think the issue is you're trying to have your pods access the nodes IAM role. Unless the AWS resource access requirements are uniform throughout your pods, you may be better off leveraging the service account you apply at a pod level.
In order to fix this; you should try to have the IAM role being assumed be the IAM role for service accounts. This documentation should help: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
Alternatively, you may want to look at the secrets manager integration for EKS: https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html
Thank you very much Chris, these aproach are fine for me.
- Accepted Answerasked 5 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 5 months ago
- EXPERTpublished 19 days ago
- EXPERTpublished 8 hours ago