How to Assign AWS Service Permissions to Kubernetes Resources
Learn how to give k8s resources access to AWS services using Kubernetes Service Accounts
Ever run into a permission denied error when your Kubernetes (K8s) application tries to access an AWS resource? This probably means that you're missing a Kubernetes service account.
What is the difference between a service and a service account in Kubernetes? Kubernetes has two types of users: regular users and service accounts. Regular users are humans, and they are not managed by the Kubernetes cluster. Service accounts are managed by the Kubernetes cluster and are meant to represent the processes running in pods in the cluster.
In this example, we create a service account that grants S3 read/write permissions to our Kubernetes pods. This same workflow could be used to provide permissions to other AWS services.
This article assumes the following:
- You have an EKS cluster running.
- You have created a Kubernetes namespace or plan on using the default namespace to manage your k8s resources.