Pre-requisites
Step 1 - Get the OIDC provider
Get the OIDC issuer URL and check if the OIDC provider exists
Step 2 - Create IAM role with assume role policy and required permissions
- Create the following assume role policy
- Create an IAM role using this assume role policy
- Create the IAM policy with the required permissions.
- Attach the policy to the IAM role
Step 4 - Annotate the serviceaccount with IAM role ARN
Create a service account in the namespace and annotate it with the IAM role ARN using TrueFoundry platform here with the following serviceaccount spec:
Step 5 - Test
- Run a pod and test if you are able to perform operations on the AWS S3 bucket
- Go inside the pod and execute the following command
- Run the command
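The two artifacts that Steps 2 and 4 depend on, rendered by a small script. This is an added example, not the commands or spec from the original page. The account ID, issuer URL, namespace `demo` and service account `s3-reader` are constructed placeholders, and the function names are hypothetical. The trust policy pins the role to one exact service account and refuses wildcard subjects, since a pattern-matched subject would let every matching service account in the cluster assume the role.

```shell
#!/bin/sh
# Added example. Every value passed to these functions is a constructed placeholder.

# IAM names the provider by the issuer's host/path, without the https:// scheme.
oidc_provider_id() {
  printf '%s\n' "${1#https://}"
}

# Assume role (trust) policy for exactly one service account in one namespace.
# args: account_id issuer_url namespace serviceaccount
trust_policy() {
  if [ -z "$3" ] || [ -z "$4" ]; then
    echo "namespace and service account are required" >&2; return 1
  fi
  case "$3$4" in
    *[*?]*) echo "refusing wildcard subject: $3:$4" >&2; return 1 ;;
  esac
  provider=$(oidc_provider_id "$2")
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::$1:oidc-provider/$provider"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
      "$provider:aud": "sts.amazonaws.com",
      "$provider:sub": "system:serviceaccount:$3:$4"
    }}
  }]
}
EOF
}

# Service account carrying the role ARN annotation that EKS looks for.
# args: namespace serviceaccount role_arn
serviceaccount_manifest() {
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $2
  namespace: $1
  annotations:
    eks.amazonaws.com/role-arn: $3
EOF
}

trust_policy 111122223333 https://oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000 demo s3-reader
```

The rendered policy can be saved to a file and passed to `aws iam create-role --assume-role-policy-document file://...`, and the manifest piped to `kubectl apply -f -`.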