From ed52d9ec0947d6842a49a9b18840ca987fc552f8 Mon Sep 17 00:00:00 2001 From: yurhasko Date: Sat, 28 Dec 2024 15:43:54 +0200 Subject: [PATCH] Fixed typos --- AUTHENTICATION.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AUTHENTICATION.md b/AUTHENTICATION.md index e418cac006..0fd9180a95 100644 --- a/AUTHENTICATION.md +++ b/AUTHENTICATION.md @@ -12,7 +12,7 @@ configured by means of `aws.upbound.io/v1beta1/ProviderConfig` resources. `provider-aws` currently supports the following authentication mechanisms: - Authentication with long-term IAM user credentials - Authentication using *I*AM *R*oles for *S*ervice *A*ccounts (IRSA) -- Authentication using `PodIdentity` +- Authentication using EKS Pod Identity - Authentication using an assumed Web identity The authentication mechanism to be used can be selected by setting the @@ -261,7 +261,7 @@ match the chain of the trust policies defined among the roles. EKS Pod Identity authentication is available when `provider-aws` is running on an EKS cluster and [EKS Pod Identity has been configured for that cluster](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). Unlike IRSA, EKS Pod Identity eliminates the need for an OIDC provider. Instead, it relies on the built-in `pods.eks.amazonaws.com` service principal and the EKS Pod Identity Agent for managing IAM roles and credentials. Configuring EKS Pod Identity for EKS involves: -1) [installing EKS Pod Identity Agent](https://docs.aws.amazon.com/eks/latest/userguide/pod-id-agent-setup.html) +1) [Installing EKS Pod Identity Agent](https://docs.aws.amazon.com/eks/latest/userguide/pod-id-agent-setup.html) 2) Associating a Kubernetes `ServiceAccount` with an IAM role so that an EKS workload running under that `ServiceAccount` will be authenticated as its associated IAM Role against the AWS API. [The association between the Kubernetes `ServiceAccount` and the IAM role](https://docs.aws.amazon.com/eks/latest/userguide/pod-id-association.html#pod-id-association-create) is done by creating an EKS Pod Identity association between the `ServiceAccount` and `namespace` on the EKS cluster and the IAM role on the AWS account. The `ServiceAccount` under which `provider-aws` is running, and the `namespace` in which the `provider-aws` is deployed, must match the configuration of the previously configured Pod Identity association.