enum IdentityType
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EKS.IdentityType |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awseks#IdentityType |
Java | software.amazon.awscdk.services.eks.IdentityType |
Python | aws_cdk.aws_eks.IdentityType |
TypeScript (source) | aws-cdk-lib » aws_eks » IdentityType |
Enum representing the different identity types that can be used for a Kubernetes service account.
Example
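```ts
import * as eks from 'aws-cdk-lib/aws-eks';

declare const cluster: eks.Cluster;

// Create a service account whose IAM role is delivered through EKS Pod Identity.
new eks.ServiceAccount(this, 'ServiceAccount', {
  cluster,
  name: 'test-sa',
  namespace: 'default',
  identityType: eks.IdentityType.POD_IDENTITY,
});
```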
Members
Name | Description |
---|---|
IRSA | Use the IAM Roles for Service Accounts (IRSA) identity type. |
POD_IDENTITY | Use the EKS Pod Identities identity type. |
IRSA
Use the IAM Roles for Service Accounts (IRSA) identity type.
IRSA allows you to associate an IAM role with a Kubernetes service account. The IAM role then provides AWS credentials to the pods that use that service account, allowing them to access other AWS resources.
When enabled, the cluster's openIdConnectProvider is created when you create the ServiceAccount.
See also: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
POD_IDENTITY
Use the EKS Pod Identities identity type.
EKS Pod Identities provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances. Instead of creating and distributing your AWS credentials to the containers or using the Amazon EC2 instance's role, you associate an IAM role with a Kubernetes service account and configure your Pods to use the service account.
When enabled, the cluster's Pod Identity Agent add-on is created when you create the ServiceAccount.
See also: https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html
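The two identity types differ in who the IAM role trusts, and that is what a review of the resulting role should check. The following is an added example, not code from this page or from aws-cdk-lib: it goes beyond the enum itself and audits a role trust-policy statement of the shape the linked EKS guides describe for each mechanism. `auditTrustStatement`, the sample statements, the account ID and the OIDC provider ID are all hypothetical.

```typescript
// Added example; the policy objects below are constructed samples with placeholder IDs.
type StrMap = { [key: string]: string | string[] };
interface Statement {
  Principal: { Federated?: string; Service?: string };
  Action: string | string[];
  Condition?: { [operator: string]: StrMap };
}
interface Finding { kind: 'IRSA' | 'POD_IDENTITY' | 'UNKNOWN'; issues: string[] }
const toList = (v: string | string[] | undefined): string[] =>
  v === undefined ? [] : typeof v === 'string' ? [v] : v;
function auditTrustStatement(s: Statement): Finding {
  const actions = toList(s.Action);
  const issues: string[] = [];
  if (s.Principal.Service === 'pods.eks.amazonaws.com') {
    // Pod Identity: the role trusts the EKS service principal. The binding to
    // one service account lives in the pod identity association, not here.
    ['sts:AssumeRole', 'sts:TagSession'].forEach((a) => {
      if (actions.indexOf(a) < 0) issues.push('missing ' + a);
    });
    return { kind: 'POD_IDENTITY', issues };
  }
  if (s.Principal.Federated && actions.indexOf('sts:AssumeRoleWithWebIdentity') >= 0) {
    // IRSA: the role trusts the cluster's OIDC provider, so the service
    // account has to be pinned with StringEquals on "<issuer>:sub".
    const eq: StrMap = (s.Condition && s.Condition['StringEquals']) || {};
    let sub: string[] = [], aud: string[] = [];
    for (const key of Object.keys(eq)) {
      if (key.slice(-4) === ':sub') sub = toList(eq[key]);
      if (key.slice(-4) === ':aud') aud = toList(eq[key]);
    }
    const pinned = sub.length > 0 && sub.every(
      (v) => v.indexOf('system:serviceaccount:') === 0 && v.indexOf('*') < 0);
    if (!pinned) issues.push('sub not pinned to a service account');
    if (aud.indexOf('sts.amazonaws.com') < 0) issues.push('aud not pinned to sts.amazonaws.com');
    return { kind: 'IRSA', issues };
  }
  return { kind: 'UNKNOWN', issues: ['principal is neither EKS Pod Identity nor an OIDC provider'] };
}
const ISSUER = 'oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE';
const OIDC_ARN = 'arn:aws:iam::111122223333:oidc-provider/' + ISSUER;
const IRSA_SCOPED: Statement = {
  Principal: { Federated: OIDC_ARN }, Action: 'sts:AssumeRoleWithWebIdentity',
  Condition: { StringEquals: {
    [ISSUER + ':sub']: 'system:serviceaccount:default:test-sa',
    [ISSUER + ':aud']: 'sts.amazonaws.com' } },
};
const IRSA_UNSCOPED: Statement = { Principal: { Federated: OIDC_ARN }, Action: 'sts:AssumeRoleWithWebIdentity' };
const POD_IDENTITY: Statement = { Principal: { Service: 'pods.eks.amazonaws.com' }, Action: ['sts:AssumeRole', 'sts:TagSession'] };
```

An IRSA statement without the `sub` condition is flagged because the role would then accept a token for any service account issued by that OIDC provider.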