Hi,
I was wondering if it was possible to utilize an IAM role to connect S3 to KOTS and our EKS cluster? I found this post about using an instance profile, but I don’t think it’s very helpful in an EKS environment unfortunately.
I’ve also seen that we can see a key/secret pair, but for security reasons, IAM roles would be best. Is this possible in our environment and through KOTS? Thanks!
Hi @Michael_Rader,
I’ll assist with this question.
If you are referring to IAM Roles for Service Accounts (IRSA) for the KOTS pod running in EKS, then this is not supported by KOTS today.
For now I can only think of attaching an IAM role to your EKS node with the required S3 permissions. When you configure Velero with Instance Role, it should use the node’s IAM role to access S3. May I know if you have an issue with this approach?
Please use this link in Vendor Portal to submit a feature request for IRSA support. Including your specific use case and security requirements will help our product team understand the priority and impact of this enhancement.
Cheers,
Gerard
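
A node IAM role is shared by every pod that can reach the instance metadata service on that node, so the S3 policy attached to it should be scoped to the backup bucket only. The check below is an added example, not part of the thread and not KOTS or Velero code; the bucket name and both sample policies are constructed placeholders.

```python
# Added example: audit an IAM policy intended for the EKS node role.
# BUCKET and both sample policies are constructed placeholders.
BUCKET = "example-velero-backups"

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": f"arn:aws:s3:::{BUCKET}"},
]}

BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]}


def _as_list(value):
    """IAM allows a bare string or object where a list is expected."""
    return value if isinstance(value, list) else [value]


def audit_s3_policy(policy, bucket):
    """Return findings for Allow statements reaching beyond `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {idx}: NotAction/NotResource is unbounded")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a == "*" or a.startswith("s3:") for a in actions):
            continue  # statement does not grant S3 access
        for action in actions:
            if action in ("*", "s3:*"):
                findings.append(f"statement {idx}: wildcard action {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"statement {idx}: resource {res} is outside {bucket}")
    return findings


if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_s3_policy(doc, BUCKET) or "ok")
```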