github-actions[bot]
commented
3 months ago ✅ All required contributors have signed the F5 CLA for this PR. Thank you!
Posted by the CLA Assistant Lite bot.
Closed tieum closed 3 months ago
github-actions[bot]
commented
3 months ago ✅ All required contributors have signed the F5 CLA for this PR. Thank you!
Posted by the CLA Assistant Lite bot.
tieum
commented
3 months ago I have hereby read the F5 CLA and agree to its terms
4141done
commented
3 months ago Thank you for your contribution, @tieum 🎉 I will make some time to understand and review this week.
Based on my quick look, can you confirm some things for me?
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE?tieum
commented
3 months ago 👋 @4141done
The AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environnement variable is available in the container when using EKS Pod Identity, the same way than AWS_WEB_IDENTITY_TOKEN_FILE is available when using IRSA
I've updated the getting_started.md on how to set it up
EKS Pod Identity was released in December 2023 and provides an alternative way to grant workload access to AWS, the differences with IAM Roles for Services Accounts can be found here, a Datadog Security Labs blog post also sums it up nicely
4141done
commented
3 months ago Thank you for the explanation and for the very clean pull request. I think this is a great addition to the library. I have two requests before we merge:
tieum
commented
3 months ago
Proposed changes
Add support of EKS pod identities
Checklist
[x] I have read the contributing guidelines.
[x] I have signed the F5 Contributor License Agreement (CLA).
[ ] If applicable, I have added tests that prove my fix is effective or that my feature works. --> I didn't manage to add the correct test, however I didn't find any for webIdentity auth neither
[ ] I have updated any relevant documentation (e.g.
README.md). --> there is a nice .png for which I didn't have the source to add_fetchEKSPodIdentityCredentialsin the list