Is it possible assume role rather than explicitly providing the credentials?
Context: When running on Kubernetes (EKS), we use a Kubernetes ServiceAccount. We don't even have these values: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN. Instead we have AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE. So for example, when using boto3, it automagically detects this and handles assuming the role.
Is it possible assume role rather than explicitly providing the credentials?
Context: When running on Kubernetes (EKS), we use a Kubernetes
ServiceAccount
. We don't even have these values:AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
,AWS_SESSION_TOKEN
. Instead we haveAWS_ROLE_ARN
andAWS_WEB_IDENTITY_TOKEN_FILE
. So for example, when usingboto3
, it automagically detects this and handles assuming the role.boto3 Assume Role With Web Identity Provider
EKS Docs IAM roles for service accounts