Inject IAM Roles Anywhere credentials into pod running on EKSA Cluster

[saiteja313]

What would you like to be added:

We have EKS Pod identity webhook that injects IAM credentials into pod running on EKSA cluster.

This allows granular per pod/deployment credentials configuration.

Considering EKSA is deployed on on-premise, we want to have IAM Roles anywhere credentials injector for pods.

Why is this needed:

For security purposes to get granular IAM credentials on pod level.

Workaround:

./aws_signing_helper credential-process \
    --certificate /path/to/certificate.pem \
    --private-key /path/to/private-key.pem \
    --trust-anchor-arn <TA_ARN> \
    --profile-arn <PROFILE_ARN> \
    --role-arn <ExampleS3WriteRole_ARN>

Run above script as init container for application pod and store the credentials in a config file.

configure application to parse these credentails and authenticate with AWS cloud.