-
Notifications
You must be signed in to change notification settings - Fork 475
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for EKS Pod Identities #942
Comments
Thanks for the feature request. Here is documentation on EKS Pod Identities for our reference: https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html. Others can 👍this issue to show support and comment to share use cases and additional info. |
Probably related with aws/aws-sdk-js-v3#5709 ? I'm getting the same error. Got the same error also in Atlantis pod but upgrading Terraform AWS provider fixed the issue @jtschelling did you find a workaround for this? |
@jmbravo the workaround is to use v2.2.0 🤷🏼♂️ |
In which component? |
In configure-aws-credentials action. |
This is the auth method that AWS recommends for EKS - it's been over 6 months now..... |
@tim-finnigan sorry for bugging but using pod identities is the official, AWS recommended way to access AWS resources. |
Hi @yurii-kryvosheia, would you mind giving a little bit more detailed description how did you managed to go around this issue? Thanks a lot. |
EKS Pod Identity doesn't work in any aws-credential version (that's the purpose of this issue), I still don't understand your point. |
I'm sorry, I didn't dig into this issue, I just rolled back to v2.2.0. |
It seems that this has been fixed in aws/aws-sdk-js-v3#5739 so the SDK version should be updated. I just checked out this commit |
Hi any update on this? |
The unreleased `aws-actions/configure-aws-credentials` action supports EKS Pod identities, merged in aws-actions/configure-aws-credentials#942
Describe the feature
When I try and use this github action to assume into a role that my pod has the permissions to assume into the action errors out with
Error: Credentials could not be loaded, please check your action inputs: 169.254.170.23 is not a valid container metadata service hostname
This github action does not currently support the pod identities feature tmk.
Use Case
I have an EKS cluster that I run self-hosted runners in through the actions-runner-controller project. I want to use pod identities to simplify my IAM management.
Proposed Solution
Use the
client-eks-auth
feature in the aws sdk https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-eks-auth/README.mdOther Information
No response
Acknowledgements
The text was updated successfully, but these errors were encountered: