Commit

Fixed typos
yurhasko committed Dec 28, 2024
1 parent 1231de8 commit ed52d9e
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions AUTHENTICATION.md
Expand Up @@ -12,7 +12,7 @@ configured by means of `aws.upbound.io/v1beta1/ProviderConfig` resources.
`provider-aws` currently supports the following authentication mechanisms:
- Authentication with long-term IAM user credentials
- Authentication using *I*AM *R*oles for *S*ervice *A*ccounts (IRSA)
- Authentication using `PodIdentity`
- Authentication using EKS Pod Identity
- Authentication using an assumed Web identity

The authentication mechanism to be used can be selected by setting the
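Review bot: the list item that changes from `PodIdentity` to "EKS Pod Identity" drops the only code-formatted identifier for this mechanism, while the following line says the mechanism is selected by setting a field (cut off in this context). If `PodIdentity` is the value readers have to set there, keep it visible, for example "Authentication using EKS Pod Identity (`PodIdentity`)", which also matches how the IRSA item carries its short form in parentheses. This is a terminology change rather than a typo, so the commit message "Fixed typos" undersells it.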
Expand Down Expand Up @@ -261,7 +261,7 @@ match the chain of the trust policies defined among the roles.
EKS Pod Identity authentication is available when `provider-aws` is running on an EKS cluster and [EKS Pod Identity has been configured for that cluster](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). Unlike IRSA, EKS Pod Identity eliminates the need for an OIDC provider. Instead, it relies on the built-in `pods.eks.amazonaws.com` service principal and the EKS Pod Identity Agent for managing IAM roles and credentials.

Configuring EKS Pod Identity for EKS involves:
1) [installing EKS Pod Identity Agent](https://docs.aws.amazon.com/eks/latest/userguide/pod-id-agent-setup.html)
1) [Installing EKS Pod Identity Agent](https://docs.aws.amazon.com/eks/latest/userguide/pod-id-agent-setup.html)
2) Associating a Kubernetes `ServiceAccount` with an IAM role so that an EKS workload running under that `ServiceAccount` will be authenticated as its associated IAM Role against the AWS API. [The association between the Kubernetes `ServiceAccount` and the IAM role](https://docs.aws.amazon.com/eks/latest/userguide/pod-id-association.html#pod-id-association-create) is done by creating an EKS Pod Identity association between the `ServiceAccount` and `namespace` on the EKS cluster and the IAM role on the AWS account.

The `ServiceAccount` under which `provider-aws` is running, and the `namespace` in which the `provider-aws` is deployed, must match the configuration of the previously configured Pod Identity association.
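Review bot: around the capitalised step 1, two wording slips remain in the context lines that a typo pass should pick up: "Configuring EKS Pod Identity for EKS involves:" repeats EKS, and the closing line reads "the `namespace` in which the `provider-aws` is deployed" with a stray "the" before `provider-aws`. Separately, the paragraph above the list names the `pods.eks.amazonaws.com` service principal, but neither listed step says the IAM role has to trust it; if the collapsed text below does not cover that, a short third step would close the gap.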
