Can I use this for cross-account AWS access?

Absolutely. This skill covers how to configure OIDC trust relationships to allow EKS pods in one AWS account to safely assume IAM roles located in another account.

Why use IRSA instead of node-level IAM roles?

IRSA provides pod-level isolation, preventing a single compromised container from accessing all AWS resources available to the entire node, thereby fulfilling the principle of least privilege.

How do I verify if my IRSA setup is working correctly?

The skill includes specific validation commands to check for the presence of injected environment variables like AWS_WEB_IDENTITY_TOKEN_FILE and to test STS connectivity directly from within a running pod.

Does this skill include Terraform examples?

Yes, it provides ready-to-use Terraform snippets for enabling IRSA in EKS modules and creating specialized IAM roles for service accounts.

EKS IAM Roles for Service Accounts (IRSA)

Name: EKS IAM Roles for Service Accounts (IRSA)
Author: adaptationio

byadaptationio

0•

云基础设施

Implements and manages fine-grained, pod-level AWS IAM permissions for Amazon EKS clusters using OIDC federation.

This skill provides comprehensive guidance and implementation patterns for AWS IAM Roles for Service Accounts (IRSA), the industry-standard method for securing Kubernetes workloads on EKS. It helps developers move away from insecure node-level credentials by configuring OIDC trust relationships, automating service account annotations, and enforcing least-privilege security policies for AWS integrations like S3, DynamoDB, and internal controllers like the AWS Load Balancer Controller.

主要功能

010 GitHub stars

02Fine-grained pod-level AWS permission configuration

03Security hardening via IMDSv2 and least-privilege policies

04Comprehensive troubleshooting for OIDC and JWT token injection

05Production-ready Terraform implementation patterns

06Step-by-step OIDC trust relationship and provider setup

使用场景

01Setting up cross-account AWS resource access for EKS-based applications

02Configuring EKS add-ons like AWS Load Balancer Controller or EBS CSI Driver

03Migrating workloads from node-level IAM roles to secure pod-level permissions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptationio/skrillz eks-irsa

For use in Claude.ai and ChatGPT

Download Skill