A Journey in Learning

EKS & IRSA

Elastic Kubernetes Service (EKS) is an AWS service that provides users with a fully managed Kubernetes control plane. Microservices and containerized applications have become ubiquitous, and they are the tools most cloud engineers reach for in development and deployment.

Kubernetes gives organizations the option of deploying portable, cloud-agnostic architectures. One of the major concerns for organizations is how applications running in the cluster send programmatic commands to a cloud provider like AWS. IRSA stands for “IAM roles for service accounts”; it allows service accounts within Kubernetes to authenticate AWS CLI requests as authorized IAM roles.

IRSA credentials within AWS are issued by the AWS Security Token Service (STS), which provides temporary credentials that give Kubernetes resources access to the AWS CLI. The bridge between Kubernetes and IAM is an OIDC (OpenID Connect) connector.

OpenID Connect (OIDC) is an authentication protocol that allows verified user identities to connect to a protected HTTPS endpoint.

OIDC within EKS creates an access point through which cluster authentication can programmatically manage an AWS account. OIDC provides temporary credentials to access AWS services as a specific IAM role; that role's policies allow or deny access to specific AWS resources.
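The piece that ties the OIDC connector, the IAM role and the Kubernetes service account together is the role's trust policy. The following is an added example, not code from the original post: it builds that trust policy for one service account, mirrors the condition matching STS applies to the projected token's claims, and flags the over-broad variant that any service account in the cluster could assume. The account id, issuer URL, namespace and service-account name are constructed placeholders.

```python
# Added example; account id, issuer and workload names are placeholders.
AUDIENCE = "sts.amazonaws.com"  # audience the EKS pod identity webhook projects by default


def irsa_trust_policy(account_id, oidc_issuer, namespace, service_account=None):
    """Build the IAM role trust policy IRSA relies on.

    oidc_issuer is the cluster's OIDC issuer host+path without 'https://', the
    same string used in the IAM OIDC provider ARN. Passing service_account pins
    the role to one Kubernetes service account; omitting it yields the
    over-broad policy (built here only so the check below can flag it).
    """
    cond = {f"{oidc_issuer}:aud": AUDIENCE}
    if service_account:
        cond[f"{oidc_issuer}:sub"] = f"system:serviceaccount:{namespace}:{service_account}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{oidc_issuer}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": cond},
        }],
    }


def trust_policy_allows(policy, oidc_issuer, claims):
    """Mirror the StringEquals matching STS applies to the token's 'aud' and
    'sub' claims. Signature and expiry are verified by STS against the issuer's
    JWKS; this evaluates only the condition block, which is what scopes the
    role to one workload. An absent condition key constrains nothing."""
    aud = claims.get("aud", [])
    aud = {aud} if isinstance(aud, str) else set(aud)
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        want_aud = cond.get(f"{oidc_issuer}:aud")
        want_sub = cond.get(f"{oidc_issuer}:sub")
        if (want_aud is None or want_aud in aud) and (want_sub is None or want_sub == claims.get("sub")):
            return True
    return False


def is_scoped_to_one_service_account(policy, oidc_issuer):
    """Least-privilege check: every Allow statement must pin the ':sub' key."""
    key = f"{oidc_issuer}:sub"
    return all(key in s.get("Condition", {}).get("StringEquals", {})
               for s in policy["Statement"] if s.get("Effect") == "Allow")


# Constructed sample cluster values (placeholders, not a real cluster)
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID"
SCOPED = irsa_trust_policy("123456789012", ISSUER, "payments", "billing-api")
BROAD = irsa_trust_policy("123456789012", ISSUER, "payments")
```

Running `is_scoped_to_one_service_account` over every IRSA role's trust policy is a cheap way to catch roles that were accidentally opened to the whole cluster.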

Once an OIDC connector is established and IRSA is working, features like autoscaling can be implemented.