Tech
June 8

IRSA for non-EKS clusters

This talk discusses using IAM Roles for Service Accounts (IRSA) to provide secure access to AWS resources from within pods in EC2-based Kubernetes clusters. IRSA is a robust and fine-grained solution that is easy to set up and less prone to incidents than other solutions. It is backed by the open-source project Pod Identity Webhook and can be used on non-EKS clusters.
Talk abstract

To provide secure access to AWS resources, we have been using the Kiam and Kube2iam projects on our EC2-based clusters. Many AWS customers moved to Amazon EKS and then adopted IAM Roles for Service Accounts (IRSA). IRSA is a feature that enables secure access to AWS resources from within pods while also providing robust identity and access management capabilities.

IRSA is much more robust and fine-grained, is easy to set up, and is less prone to incidents than other solutions.