简体繁体中英

Kubernetes service account to access AWS S3 for different users in the container

原文 2022-06-09 09:15:08 5 1 amazon-web-services/ kubernetes/ amazon-s3/ amazon-eks/ k8s-serviceaccount

I have an EKS deployment with a service account with policy and role that enable access to S3.

This works well for root account in the container. The container can execute aws s3 cp ... with no issue.

The problem is that another user cannot. It gets AccessDenied from the S3 service, meaning it does not have the correct credentials.

So my question is: how to give rights to another user in the container (which is linux based) in this case?

(I don't think it's specific to Eks as service accounts are generic to kubernetes.)

1 answers

You can check out the reference for how IAM roles for service accounts work in k8s here .
In short, in order to allow another user to use the IAM role the same environment variables have to be configured for that user, and it needs to be able to access the path specified in the AWS_WEB_IDENTITY_TOKEN_FILE variable.
Once both of these prerequisites are met, the user should be able to use the same identity as the root user.

How to give access of s3 bucket residing in Account A to different iam users from multiple aws accounts?

Access s3 bucket from different aws account

Can users upload files into a S3 bucket without frontend experience or users having access to AWS account?

Grant access to AWS S3 bucket/folder to users without AWS account

Cross account IAM roles for Kubernetes service account - s3 bucket

AWS S3 ACL for allowing access for all users or roles, etc. in a specific account

Deny AWS S3 bucket access for 2 users

Can an AWS S3 bucket policy be used to restrict different access types to different users

AWS S3 upload to a bucket in a different account and give ownership to that account?

Allow AWS Glue crawler to access Amazon S3 bucket in a different account

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to give access of s3 bucket residing in Account A to different iam users from multiple aws accounts? Access s3 bucket from different aws account Can users upload files into a S3 bucket without frontend experience or users having access to AWS account? Grant access to AWS S3 bucket/folder to users without AWS account Cross account IAM roles for Kubernetes service account - s3 bucket AWS S3 ACL for allowing access for all users or roles, etc. in a specific account Deny AWS S3 bucket access for 2 users Can an AWS S3 bucket policy be used to restrict different access types to different users AWS S3 upload to a bucket in a different account and give ownership to that account? Allow AWS Glue crawler to access Amazon S3 bucket in a different account

Related Tags

Kubernetes service account to access AWS S3 for different users in the container

Question

1 answers

solution1 1 ACCPTED 2022-06-09 09:23:42

solution1
1 ACCPTED 2022-06-09 09:23:42