EBS CSI driver installation

The Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver manages the lifecycle of Amazon EBS volumes as storage for the Kubernetes Volumes that you create. The Amazon EBS CSI driver makes Amazon EBS volumes for these types of Kubernetes volumes: generic ephemeral volumes and persistent volumes.


  1. EKS cluster and access to EKS cluster through awscli
  2. Export the below variables
    export CLUSTER_NAME=""
    export AWS_REGION=""
    export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
    export OIDC_ENDPOINT=$(aws eks describe-cluster --name ${CLUSTER_NAME} \
        --query "cluster.identity.oidc.issuer" --output text)

Creating the IAM role

  1. Create the following policy document
    cat > ebs-assume-role-policy.json <<EOF
      "Version": "2012-10-17",
      "Statement": [
          "Effect": "Allow",
          "Principal": {
            "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_ENDPOINT#*//}"
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "StringEquals": {
              "${OIDC_ENDPOINT#*//}:aud": "sts.amazonaws.com",
              "${OIDC_ENDPOINT#*//}:sub": "system:serviceaccount:aws-ebs-csi-driver:ebs-csi-controller-sa"
  2. Create the role using the below command
    # Create the role
    aws iam create-role \
      --role-name AmazonEKS_EBS_CSI_DriverRole-${CLUSTER_NAME} \
      --assume-role-policy-document file://"ebs-assume-role-policy.json"
    # Attach the policy
    aws iam attach-role-policy \
      --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
      --role-name AmazonEKS_EBS_CSI_DriverRole-${CLUSTER_NAME}

Installing the AWS EBS CSI driver

  1. Head over to the platform and connect the cluster if you haven't connected it to the TrueFoundry's platform.

  2. From the left panel go to the Integrations tab and click on Manage Applications from the the three dots in the right bottom corner of the cluster card.

  3. Go to the Volumes Section and click on +Install against Aws Ebs Csi Driver

  4. Click on Create Workspace on the next screen followed by Create to leave the settings of the workspace aws-ebs-csi-driver as default.

  5. In the next screen enter the Role ARN at line 7

  6. Following is an example

      tolerateAllTaints: true
        name: ebs-csi-controller-sa
          eks.amazonaws.com/role-arn: arn:aws:iam::XXXXXX:role/AmazonEKS_EBS_CSI_DriverRole-CLUSTER_NAME