Support for EKS Pod Identities #942

jtschelling opened this issue Dec 8, 2023 · 12 comments
Labels
feature-request A feature should be added or improved. p2

Comments

@jtschelling

Describe the feature

When I try to use this GitHub action to assume into a role that my pod has the permissions to assume into, the action errors out with `Error: Credentials could not be loaded, please check your action inputs: 169.254.170.23 is not a valid container metadata service hostname`

This github action does not currently support the pod identities feature tmk.

Use Case

I have an EKS cluster that I run self-hosted runners in through the actions-runner-controller project. I want to use pod identities to simplify my IAM management.

Proposed Solution

Use the client-eks-auth feature in the AWS SDK: https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-eks-auth/README.md

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@jtschelling jtschelling added feature-request A feature should be added or improved. needs-triage This issue still needs to be triaged labels Dec 8, 2023
@tim-finnigan
Contributor

Thanks for the feature request. Here is documentation on EKS Pod Identities for our reference: https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html.

Others can 👍 this issue to show support and comment to share use cases and additional info.

@tim-finnigan tim-finnigan added p2 and removed needs-triage This issue still needs to be triaged labels Dec 11, 2023
@jmbravo

jmbravo commented Mar 7, 2024

Probably related to aws/aws-sdk-js-v3#5709?

I'm getting the same error.

Got the same error also in an Atlantis pod, but upgrading the Terraform AWS provider fixed the issue.

@jtschelling did you find a workaround for this?

@yurii-kryvosheia

@jmbravo the workaround is to use v2.2.0 🤷🏼‍♂️

@jmbravo

jmbravo commented Apr 15, 2024

> @jmbravo the workaround is to use v2.2.0 🤷🏼‍♂️

In which component?

@yurii-kryvosheia

> > @jmbravo the workaround is to use v2.2.0 🤷🏼‍♂️
>
> In which component?

In configure-aws-credentials action.

@casey-robertson-paypal

This is the auth method that AWS recommends for EKS - it's been over 6 months now.....

@gabordk

gabordk commented Jun 17, 2024

@tim-finnigan sorry for bugging but using pod identities is the official, AWS recommended way to access AWS resources.
Could you please raise the priority of this issue?
Thanks.

@gabordk

gabordk commented Jun 17, 2024

> > > @jmbravo the workaround is to use v2.2.0 🤷🏼‍♂️
> >
> > In which component?
>
> In configure-aws-credentials action.

Hi @yurii-kryvosheia, would you mind giving a little bit more detailed description of how you managed to go around this issue? Thanks a lot.

@jmbravo

jmbravo commented Jun 17, 2024

> > > @jmbravo the workaround is to use v2.2.0 🤷🏼‍♂️
> >
> > In which component?
>
> In configure-aws-credentials action.

EKS Pod Identity doesn't work in any aws-credential version (that's the purpose of this issue), I still don't understand your point.

@yurii-kryvosheia

> > > > @jmbravo the workaround is to use v2.2.0 🤷🏼‍♂️
> > >
> > > In which component?
> >
> > In configure-aws-credentials action.
>
> Hi @yurii-kryvosheia, would you mind giving a little bit more detailed description of how you managed to go around this issue? Thanks a lot.

I'm sorry, I didn't dig into this issue, I just rolled back to v2.2.0.

@bogdan-matei

bogdan-matei commented Sep 5, 2024

It seems that this has been fixed in aws/aws-sdk-js-v3#5739 so the SDK version should be updated.
The repository received lots of updates in the meantime, but no tags have been released.

I just checked out this commit 0fc95ed93529d540ccff34b6c330f66318bdc888 rather than a specific tag and EKS Pod Identity works.
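
Added illustration, not part of the thread and not code from the action or the AWS SDK: a sketch of the kind of hostname allowlist check that yields the error quoted in the issue description, and why an allowlist that lacks the Pod Identity address rejects it. The host sets, function names and sample environment are assumptions made for this example; `169.254.170.23` is the link-local address on which the EKS Pod Identity Agent serves credentials.

```javascript
// Illustrative sketch only; host sets below are assumptions for this example.
const LOOPBACK_ONLY = new Set(["localhost", "127.0.0.1"]);
const WITH_CONTAINER_HOSTS = new Set([
  ...LOOPBACK_ONLY,
  "[::1]",
  "169.254.170.2",  // ECS task credentials endpoint
  "169.254.170.23", // EKS Pod Identity Agent (IPv4)
  "[fd00:ec2::23]", // EKS Pod Identity Agent (IPv6)
]);

// Decide whether a credentials endpoint may be contacted.
// Policy of this sketch: plaintext http is allowed only for allowlisted
// local/link-local hosts, so the pod's authorization token is never sent
// in the clear to an arbitrary host; https endpoints skip the host check.
function checkCredentialsUri(fullUri, allowedHosts) {
  let url;
  try {
    url = new URL(fullUri);
  } catch {
    return { ok: false, reason: `${fullUri} is not a valid URL` };
  }
  if (url.protocol === "https:") return { ok: true, host: url.hostname };
  if (url.protocol !== "http:") {
    return { ok: false, reason: `${url.protocol} is not a supported protocol` };
  }
  if (!allowedHosts.has(url.hostname)) {
    return {
      ok: false,
      reason: `${url.hostname} is not a valid container metadata service hostname`,
    };
  }
  return { ok: true, host: url.hostname };
}

// Constructed sample of the variables a Pod Identity-enabled pod sees.
const SAMPLE_POD_ENV = {
  AWS_CONTAINER_CREDENTIALS_FULL_URI: "http://169.254.170.23/v1/credentials",
  AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE:
    "/var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token",
};

// Evaluate the same environment against both allowlists.
function diagnose(env) {
  const uri = env.AWS_CONTAINER_CREDENTIALS_FULL_URI || "";
  return {
    loopbackOnly: checkCredentialsUri(uri, LOOPBACK_ONLY),
    withContainerHosts: checkCredentialsUri(uri, WITH_CONTAINER_HOSTS),
  };
}
```

Running `diagnose(process.env)` inside a runner pod shows whether the injected endpoint would pass each allowlist.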

@eahangari-8x8

Hi, any update on this?

tobiemh added a commit to surrealdb/surrealdb that referenced this issue Nov 26, 2024
The unreleased `aws-actions/configure-aws-credentials` action supports EKS Pod identities, merged in aws-actions/configure-aws-credentials#942

8 participants