Can I use this for cross-account AWS access?

Absolutely. This skill covers how to configure OIDC trust relationships to allow EKS pods in one AWS account to safely assume IAM roles located in another account.

Why use IRSA instead of node-level IAM roles?

IRSA provides pod-level isolation, preventing a single compromised container from accessing all AWS resources available to the entire node, thereby fulfilling the principle of least privilege.

How do I verify if my IRSA setup is working correctly?

The skill includes specific validation commands to check for the presence of injected environment variables like AWS_WEB_IDENTITY_TOKEN_FILE and to test STS connectivity directly from within a running pod.

Does this skill include Terraform examples?

Yes, it provides ready-to-use Terraform snippets for enabling IRSA in EKS modules and creating specialized IAM roles for service accounts.

EKS IAM Roles for Service Accounts (IRSA)

Name: EKS IAM Roles for Service Accounts (IRSA)
Author: adaptationio

byadaptationio

云基础设施

Implements and manages fine-grained, pod-level AWS IAM permissions for Amazon EKS clusters using OIDC federation.

关于

This skill provides comprehensive guidance and implementation patterns for AWS IAM Roles for Service Accounts (IRSA), the industry-standard method for securing Kubernetes workloads on EKS. It helps developers move away from insecure node-level credentials by configuring OIDC trust relationships, automating service account annotations, and enforcing least-privilege security policies for AWS integrations like S3, DynamoDB, and internal controllers like the AWS Load Balancer Controller.

主要功能

0 GitHub stars
Fine-grained pod-level AWS permission configuration
Security hardening via IMDSv2 and least-privilege policies
Comprehensive troubleshooting for OIDC and JWT token injection
Production-ready Terraform implementation patterns
Step-by-step OIDC trust relationship and provider setup

使用场景

Setting up cross-account AWS resource access for EKS-based applications
Configuring EKS add-ons like AWS Load Balancer Controller or EBS CSI Driver
Migrating workloads from node-level IAM roles to secure pod-level permissions

关于

主要功能

0 GitHub stars
Fine-grained pod-level AWS permission configuration
Security hardening via IMDSv2 and least-privilege policies
Comprehensive troubleshooting for OIDC and JWT token injection
Production-ready Terraform implementation patterns
Step-by-step OIDC trust relationship and provider setup

使用场景

Setting up cross-account AWS resource access for EKS-based applications
Configuring EKS add-ons like AWS Load Balancer Controller or EBS CSI Driver
Migrating workloads from node-level IAM roles to secure pod-level permissions