-
Type: New Feature
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Component/s: Authentication
-
Needed
-
Summary
In late Nov 2023, AWS introduced EKS Pod Identity, a way to simplify how cluster admins can configure Kubernetes applications to obtain AWS IAM permissions. Though we support EKS authentication today (see DRIVERS-1746), this newer authentication mechanism is not supported. This ticket covers adding support for EKS Pod Identity into our drivers.
Motivation
Who is the affected end user?
Customers with Amazon EKS clusters who wish to adopt this new feature.
How does this affect the end user?
They are unable to use EKS Pod Identity in a supported way.
How likely is it that this problem or use case will occur?
Main path? Edge case?
If the problem does occur, what are the consequences and how severe are they?
Minor annoyance at a log message? Performance concern? Outage/unavailability? Failover can't complete?
Is this issue urgent?
Does this ticket have a required timeline? What is it?
Is this ticket required by a downstream team?
Needed by e.g. Atlas, Shell, Compass?
Is this ticket only for tests?
No.
Acceptance Criteria
What specific requirements must be met to consider the design phase complete?
- depends on
-
DRIVERS-2882 Add Kubernetes Support for OIDC
- In Progress
- is related to
-
DRIVERS-1746 Add native support for AWS IAM Roles for service accounts, EKS in particular
- Closed
-
DRIVERS-2475 Consider Using AWS SDK for Auth
- Implementing