When it comes to authentication and authorization in AWS, IAM (Identity & Access Management) is a crucial component. If you are utilizing EKS (Elastic Kubernetes Service – managed Kubernetes from AWS), granting IAM access to pods can make things simpler for migrating existing applications. There are a few reasons why IAM access in pods is important:
- Pods need AWS resources but, they are ephemeral and can’t rely on nodes for that. For example, one pod might be on node A now and might be on node B a few hours later.
- Applications running inside pods need access to AWS resources such as creating or deleting an S3 bucket, launching EC2 instances that would require additional work without adequate IAM access.
- Using IAM roles inside pods also ensures per application credentials which is a more secure architecture.
In AWS, IAM roles are attributed through instance profiles and are accessible by services through the usage of aws-sdk.. read full post here