fog / fog-aws

Module for the 'fog' gem to support Amazon Web Services http://aws.amazon.com/
MIT License

Add AWS EKS Pod Identity support #718

Closed jonsbun closed 1 month ago

jonsbun commented 1 month ago

AWS introduced EKS Pod Identity last year: https://aws.amazon.com/blogs/aws/amazon-eks-pod-identity-simplifies-iam-permissions-for-applications-on-amazon-eks-clusters/

EKS Pod Identity automatically injects the AWS_CONTAINER_CREDENTIALS_FULL_URI and AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variables into pods. These are supported by AWS SDKs independently of Pod Identity and have been used in ECS for a long time. This mechanism is called Container credential provider: https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html

However, if I understand correctly, https://github.com/fog/fog-aws/blob/master/lib/fog/aws/credential_fetcher.rb is ignoring these environment variables at this moment.

Explanation how EKS Pod Identity works: https://securitylabs.datadoghq.com/articles/eks-pod-identity-deep-dive/
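To make the Container credential provider flow described above concrete, here is an added Ruby sketch of such a fetcher. It is not fog-aws code and not from the issue author; it is an illustration written for this page. It assumes the documented SDK behaviour: read the endpoint from `AWS_CONTAINER_CREDENTIALS_FULL_URI` (or the ECS-style `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`), read the bearer token from the file named by `AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE` (falling back to `AWS_CONTAINER_AUTHORIZATION_TOKEN`), send it as the `Authorization` header, and parse a JSON document with `AccessKeyId`, `SecretAccessKey`, `Token` and `Expiration`. The plain-http host allow-list (loopback plus the ECS and EKS link-local endpoints) mirrors my understanding of the check the AWS SDKs perform so that an injected environment variable cannot redirect credentials to an arbitrary host; treat that list, the `ContainerCredentials` module name, the fog-style output keys and the injectable `fetch:` lambda as assumptions made for this example.

```ruby
require 'json'
require 'net/http'
require 'uri'
require 'time'

# Hypothetical container credential provider (illustration only, not fog-aws code).
module ContainerCredentials
  # Hosts accepted over plain http: loopback plus the ECS (169.254.170.2) and
  # EKS Pod Identity (169.254.170.23 / fd00:ec2::23) link-local endpoints.
  # Any other host must be reached over https. (Assumed SDK rule.)
  PLAINTEXT_HOSTS = %w[localhost 127.0.0.1 ::1 169.254.170.2 169.254.170.23 fd00:ec2::23].freeze

  # Resolve the credential endpoint from the environment. Returns nil when the
  # container provider is not configured so a caller can try other sources.
  def self.endpoint_from_env(env = ENV)
    if (full = env['AWS_CONTAINER_CREDENTIALS_FULL_URI'])
      uri = URI.parse(full)
      plaintext_ok = uri.scheme == 'http' && PLAINTEXT_HOSTS.include?(uri.hostname)
      unless uri.scheme == 'https' || plaintext_ok
        raise ArgumentError, "refusing credential endpoint #{uri.scheme}://#{uri.hostname}"
      end
      uri
    elsif (rel = env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'])
      URI.parse("http://169.254.170.2#{rel}")
    end
  end

  # The token file (what EKS Pod Identity injects) takes precedence over the
  # inline token variable.
  def self.auth_token_from_env(env = ENV)
    if (path = env['AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE'])
      File.read(path).strip
    else
      env['AWS_CONTAINER_AUTHORIZATION_TOKEN']
    end
  end

  # Default HTTP fetcher: GET the endpoint with the token as Authorization header.
  # Kept separate so it can be replaced by a stub when exercising the logic offline.
  DEFAULT_FETCH = lambda do |uri, token|
    req = Net::HTTP::Get.new(uri)
    req['Authorization'] = token if token
    res = Net::HTTP.start(uri.hostname, uri.port,
                          use_ssl: uri.scheme == 'https',
                          open_timeout: 1, read_timeout: 1) { |h| h.request(req) }
    raise "credential endpoint returned HTTP #{res.code}" unless res.code == '200'
    res.body
  end

  # Returns a credential hash in fog-style keys (assumed naming), or nil when
  # the container provider is not configured.
  def self.fetch(env = ENV, fetch: DEFAULT_FETCH)
    uri = endpoint_from_env(env)
    return nil unless uri

    doc = JSON.parse(fetch.call(uri, auth_token_from_env(env)))
    %w[AccessKeyId SecretAccessKey Token Expiration].each do |key|
      raise KeyError, "credential document missing #{key}" unless doc.key?(key)
    end
    {
      aws_access_key_id: doc['AccessKeyId'],
      aws_secret_access_key: doc['SecretAccessKey'],
      aws_session_token: doc['Token'],
      aws_credentials_expire_at: Time.parse(doc['Expiration'])
    }
  end
end

if $PROGRAM_NAME == __FILE__
  creds = ContainerCredentials.fetch
  if creds
    puts "got credentials for #{creds[:aws_access_key_id]}, expiring #{creds[:aws_credentials_expire_at]}"
  else
    puts 'container credential provider not configured in this environment'
  end
end
```

Run inside a pod with EKS Pod Identity enabled and the script prints the key id and expiry; elsewhere it reports that the provider is not configured. The host check is the part worth keeping in any real implementation: without it, whoever controls the pod's environment controls where the process sends its bearer token.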

geemus commented 1 month ago

@jonsbun thanks for the details. I don't think there is any intentional ignoring/skipping here, so much as nobody has taken the time to add this. I'm certainly open to help with a PR if you are interested in using this. Just let me know if I can help in any way.