kube-aws-iam-controller icon indicating copy to clipboard operation
kube-aws-iam-controller copied to clipboard

Published 20 hours ago verified publisher icon zalando-incubator

Obsolete with new AWS feature ("Fine-Grained IAM Roles for Service Accounts")?

Open hjacobs opened this issue 5 years ago • 1 comments

See https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/

Twitter thread: https://twitter.com/mhausenblas/status/1169292857108324353

OSS repo: https://github.com/aws/amazon-eks-pod-identity-webhook

hjacobs avatar Sep 04 '19 17:09 hjacobs

Betteridge's Law of Headlines comes to mind here. A new solution doesn't render this solution obsolete. This new solution involves a mutating admission Webhook, projected service account tokens, an OIDC provider, mating IAM roles to service accounts, and new capabilities in the AWS API. Not all existing users of this program could swallow all of that.

seh avatar Sep 04 '19 18:09 seh