IAM – Logs, links, notes, recipes, …

TL;DR

AWS Credentials

Get the role name wget http://169.254.169.254/latest/meta-data/iam/info will get something like: { “Code” : “Success”, “LastUpdated” : “2020-03-06T20:34:08Z”, “InstanceProfileArn” : “arn:aws:iam::3940394039403:instance-profile/ProfileName”, “InstanceProfileId” : “kasdjaksjakjsa” } or better yet, get the role name from: wget http://169.254.169.254/latest/meta-data/iam/security-credentials It will be the name of the only entry returned. then get credentials with: wget http://169.254.169.254/latest/meta-data/iam/security-credentials/ProfileName Read more…

By Felipe Crochik, 3 years3 years ago

TL;DR

EKS – IAM roles

Similar to assigning an IAM role to a ec2 instance to grant access to the applications running on it to access AWS services, you can assign an IAM role to each individual k8s service. This will allow you to get finer control and only grant the access to aws resources Read more…

By Felipe Crochik, 3 years3 years ago