cdk8s-team / cdk8s

Define Kubernetes native apps and abstractions using object-oriented programming
https://cdk8s.io
Apache License 2.0
4.29k stars 291 forks

[cdk8s-plus] Add an IAM PolicyStatement to ServiceAccount #356

Closed van-vothanh closed 3 years ago

van-vothanh commented 3 years ago

With the @aws-cdk/aws-eks package, it is possible to add an IAM policy statement to a ServiceAccount through this method: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.ServiceAccount.html#add-wbr-to-wbr-principal-wbr-policystatement-span-class-api-icon-api-icon-experimental-title-this-api-element-is-experimental-it-may-change-without-notice-span

How do we achieve the same using cdk8s-plus's ServiceAccount construct?

Thank you

iliapolo commented 3 years ago

Hi @van-vothanh - The ServiceAccount in cdk8s-plus is not natively integrated with AWS IAM roles. You can create an iam.Role using the @aws-cdk/aws-iam package, add the desired policies and then annotate the service account with the role ARN.

Essentially it would mean re-implementing the logic in the @aws-cdk/aws-eks.ServiceAccount construct.
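The two pieces that the reply above says must be re-implemented, shown as an added example that is not part of the original thread and is not code from cdk8s or the AWS CDK: the role's trust policy, scoped to a single service account, and the ServiceAccount manifest carrying the `eks.amazonaws.com/role-arn` annotation. It uses plain objects instead of the CDK and cdk8s constructs; the account ID, OIDC issuer, names and the `IrsaInput` shape are constructed placeholders.

```typescript
// Added example: plain objects only, no CDK or cdk8s imports.
// Account ID, issuer and names are constructed placeholders.
interface IrsaInput {
  accountId: string;      // AWS account that owns the role
  oidcIssuer: string;     // cluster OIDC issuer, without "https://"
  namespace: string;
  serviceAccount: string;
  roleName: string;
}

// Trust policy: only tokens issued to this exact service account may assume the role.
function buildTrustPolicy(i: IrsaInput) {
  if (i.oidcIssuer.includes("://")) throw new Error("pass the issuer without a scheme");
  for (const v of [i.namespace, i.serviceAccount]) {
    // Reject wildcards and other non-DNS characters so the subject stays exact.
    if (!/^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$/.test(v)) throw new Error(`invalid name: ${v}`);
  }
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Federated: `arn:aws:iam::${i.accountId}:oidc-provider/${i.oidcIssuer}` },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: {
        StringEquals: {
          [`${i.oidcIssuer}:aud`]: "sts.amazonaws.com",
          [`${i.oidcIssuer}:sub`]: `system:serviceaccount:${i.namespace}:${i.serviceAccount}`,
        },
      },
    }],
  };
}

// ServiceAccount manifest with the annotation that links it to the IAM role.
function buildServiceAccount(i: IrsaInput) {
  const roleArn = `arn:aws:iam::${i.accountId}:role/${i.roleName}`;
  return {
    apiVersion: "v1",
    kind: "ServiceAccount",
    metadata: {
      name: i.serviceAccount,
      namespace: i.namespace,
      annotations: { "eks.amazonaws.com/role-arn": roleArn },
    },
  };
}

const sample: IrsaInput = {
  accountId: "111122223333", oidcIssuer: "oidc.eks.example-region.amazonaws.com/id/EXAMPLE",
  namespace: "apps", serviceAccount: "reader", roleName: "apps-reader",
};
```

Without the `:sub` condition, any service account in the cluster that can obtain a token from the same OIDC provider could assume the role.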

van-vothanh commented 3 years ago

Hi @iliapolo, thanks for the clarification.

cheers