How to Assign AWS Service Permissions to Kubernetes Resources

Learn how to give k8s resources access to AWS services using Kubernetes Service Accounts

Eduardo Alvarez
4 min readMar 14, 2023
Images Source

Ever run into a permissions denied error when your Kubernetes (K8s) application tries to access an AWS resource? Well, this means that you’re probably missing a Kubernetes service account.

What is the difference between a service and a service account in Kubernetes? Kubernetes has two types of users, regular users and service account users. Humans are normal users and these users are not managed by the Kubernetes cluster. Service accounts are maintained by the Kubernetes cluster. Service accounts are meant to represent the processes running in pods in the cluster

In this example, we create a service account that grants S3 read/write permissions to our Kubernetes pods. This same workflow could be used to provide permissions to other AWS services.

This article assumes the following:

  • You have an EKS cluster running.
  • You have created a Kubernetes namespace or plan on using the default namespace to manage your k8s resources.

Configuring and Creating your K8s Service Account

--

--

Eduardo Alvarez
Eduardo Alvarez

Written by Eduardo Alvarez

AI Performance Optimization Lead @ AMD | Working on Operational AI, Performance Optimization, Scalable Deployments, and Applied ML | ex-Intel Corp.

No responses yet