Builder

The Amazon Resource Name (ARN) of the association.

The ID of the association.

The name of the cluster that the association is in.

The timestamp that the association was created at.

The state of the automatic sessions tags. The value of true disables these tags.

The unique identifier for this EKS Pod Identity association for a target IAM role. You put this value in the trust policy of the target role, in a Condition to match the sts.ExternalId. This ensures that the target role can only be assumed by this association. This prevents the confused deputy problem. For more information about the confused deputy problem, see The confused deputy problem in the IAM User Guide.

The most recent timestamp that the association was modified at.

The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the Pods that use the service account must be in this namespace.

If defined, the EKS Pod Identity association is owned by an Amazon EKS add-on.

The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the Pods that use this service account.

The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

The Amazon Resource Name (ARN) of the target IAM role to associate with the service account. This role is assumed by using the EKS Pod Identity association role, then the credentials for this role are injected into the Pod.