8000 ex_aws and ex_aws_sts does not seems to support IAM authentication within EKS? · Issue #1057 · ex-aws/ex_aws · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
ex_aws and ex_aws_sts does not seems to support IAM authentication within EKS? #1057
New issue
New issue
Open
Open
ex_aws and ex_aws_sts does not seems to support IAM authentication within EKS?#1057
@danibachar

Description

@danibachar
danibachar
opened on May 22, 2024
  • Do not use the issues tracker for help or support (try Elixir Forum, Slack, IRC, etc.)
  • Questions about how to contribute are fine.

Environment

  • Elixir & Erlang versions (elixir --version):1.16
  • ExAws version mix deps |grep ex_aws: 2.5.2 (ex_aws_s3: 2.5.2, ex_aws_sts: latest)
  • HTTP client version. IE for hackney do mix deps | grep hackney

Current behavior

I have an EKS cluster, when deploying a Deployment using a docker file. The SDK seems to fail to authenticate with the the ServiceAccount that is attached to that deployment.
It seems to default to an instance_role and auth with an IAM role of the nodes in the cluster.
In our example this IAM role does not have permissions to operate with an S3 bucket. Only the IAM role we have configure with the ServiceAccount.

I have checked that the newly create IAM role has succfient permissions and can operate with the relevant S3

Expected behavior

Working within EKS the SDK should work like any other AWS SDK and allow assuming/working with the IAM role that is attached to a Pod/Deployment using a ServiceAccount

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0