IRSA

Definition

IRSA, or IAM Roles for Service Accounts, is a feature in Amazon EKS (Elastic Kubernetes Service) that allows Kubernetes service accounts to assume AWS IAM roles. A specific IAM role is associated with a Kubernetes service account through an annotation; pods using that service account receive a projected OIDC-signed service account token and exchange it for temporary credentials for the role, so they can access AWS services without AWS credentials being managed inside the pods. The security of the setup therefore depends on the role itself: its trust policy must only accept tokens for the intended namespace and service account, and its permissions must be limited to what the workload needs.

Secure Settings Example

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  annotations:
    # MySecureRole: trust policy scoped to this service account's OIDC subject,
    # permissions limited to what the pods using this service account need
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/MySecureRole

Insecure Settings Example

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  annotations:
    # The annotation form is identical; the weakness is in the role. Every pod
    # using this service account inherits all permissions of MyOverprivilegedRole,
    # so a compromise of any such pod yields far more AWS access than the workload needs.
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/MyOverprivilegedRole
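The service account annotation above says nothing about how tightly the role is scoped; that lives in the role's trust policy. The following is an added example, not part of this page or of EKS itself, showing a check a reviewer can run over an IRSA role trust policy: it verifies that the statement allowing sts:AssumeRoleWithWebIdentity is bound to the cluster's OIDC provider, that the audience is sts.amazonaws.com, and that the subject is pinned to one exact namespace/service-account rather than a wildcard. The function name check_irsa_trust_policy, the OIDC provider host, the "default" namespace and both trust-policy documents are constructed for the example; the account id and service account name are the ones used in the manifests above.

```python
"""Review an IRSA role trust policy for the conditions that scope it to a
single Kubernetes service account. Added example with constructed input."""
import json

# Placeholder OIDC provider host for the cluster (not a real provider id).
OIDC_HOST = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCPROVIDERID"
OIDC_PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{OIDC_HOST}"

# Constructed trust policy for a role like MySecureRole: exact subject match.
SECURE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": OIDC_PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC_HOST}:aud": "sts.amazonaws.com",
            f"{OIDC_HOST}:sub": "system:serviceaccount:default:my-service-account",
        }},
    }],
})

# Constructed trust policy that any service account in the cluster can use.
INSECURE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": OIDC_PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {f"{OIDC_HOST}:aud": "sts.amazonaws.com"},
            "StringLike": {f"{OIDC_HOST}:sub": "system:serviceaccount:*:*"},
        },
    }],
})


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_irsa_trust_policy(policy_json, oidc_host, namespace, service_account):
    """Return a list of findings; an empty list means the policy is scoped
    to exactly system:serviceaccount:<namespace>:<service_account>."""
    doc = json.loads(policy_json)
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    sub_key, aud_key = f"{oidc_host}:sub", f"{oidc_host}:aud"
    findings = []
    web_identity_statements = 0

    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action")):
            continue
        web_identity_statements += 1

        # The federated principal must be this cluster's OIDC provider.
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else principal
        if not any(str(p).endswith(f":oidc-provider/{oidc_host}") for p in _as_list(federated)):
            findings.append(f"federated principal is not the cluster OIDC provider: {federated!r}")

        cond = stmt.get("Condition", {})
        equals = cond.get("StringEquals", {})
        like = cond.get("StringLike", {})

        # Audience must be pinned so tokens minted for other audiences are rejected.
        if "sts.amazonaws.com" not in _as_list(equals.get(aud_key)):
            findings.append("missing or wrong StringEquals on :aud (expected sts.amazonaws.com)")

        # Subject must be an exact match on one namespace/service-account.
        sub_values = _as_list(equals.get(sub_key))
        if not sub_values:
            pattern = _as_list(like.get(sub_key))
            if not pattern:
                findings.append("no :sub condition: any service account in the cluster can assume the role")
            else:
                findings.append(f"wildcard :sub pattern {pattern!r}: use StringEquals on the exact subject")
        elif sub_values != [expected_sub]:
            findings.append(f":sub is {sub_values!r}, expected [{expected_sub!r}]")

    if web_identity_statements == 0:
        findings.append("no Allow statement for sts:AssumeRoleWithWebIdentity found")
    return findings


if __name__ == "__main__":
    for label, policy in (("secure", SECURE_TRUST_POLICY), ("insecure", INSECURE_TRUST_POLICY)):
        result = check_irsa_trust_policy(policy, OIDC_HOST, "default", "my-service-account")
        print(label, "->", result or "OK")
```

Run against the two constructed documents, the secure policy produces no findings and the insecure one reports the wildcard subject. In practice the policy document would come from the role itself (for example the output of `aws iam get-role`), and the same check belongs in whatever review gate provisions IRSA roles, since the service account manifest alone cannot reveal an over-broad trust policy or over-broad permissions.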