Configuring a Kubernetes service account to assume an IAM role

To deploy the SPE-AWS S3 Connector, you need to configure a Kubernetes service account to assume an AWS Identity and Access Management (IAM) role. Any Pod that is configured to use the service account can then access the AWS services that the role has permissions to access.
To configure a Kubernetes service account:
  1. Upload the script to AWS CloudShell.
    1. Run the pwsh command to switch to PowerShell mode.
  2. Edit the script to set the following variables:
    # Existing cluster details
    $cluster_name="CLUSTER-NAME"
    $region_code="us-east-1"
    # Existing queue name; the queue must be in the same region
    $connector_nrts_queue_name="NRTSQueueName"
    # Service account that needs to be created
    $sa_namespace="default"
    $service_account="SERVICE-ACCOUNT-NAME"
    # The SPE AWS Connector role will be created with the name below
    $spe_aws_connector_role_name="spe-sa-role"
    # The SPE Connector policy will be created with the name below
    $spe_aws_connector_policy_name="SPE_Connector"
  3. Execute the script to create the service account and set the role.
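
After step 3, it is worth confirming that the role can be assumed only by the intended service account. The following PowerShell check is an added example, not part of the SPE script or its documentation; it assumes the script sets up IAM roles for service accounts (the `eks.amazonaws.com/role-arn` annotation plus an OIDC trust policy), and the function name `Test-IrsaBinding` and the sample JSON are constructed for illustration.

```powershell
# Added example, not part of the vendor script. Sample inputs are constructed;
# the account ID and OIDC provider ID are placeholders.
function Test-IrsaBinding {
    param(
        [Parameter(Mandatory)] $ServiceAccount,  # parsed `kubectl get serviceaccount -o json`
        [Parameter(Mandatory)] $TrustPolicy,     # parsed role AssumeRolePolicyDocument
        [Parameter(Mandatory)] [string] $Namespace,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $RoleName
    )
    $findings = @()
    $expectedSub = "system:serviceaccount:${Namespace}:${Name}"

    # 1. The service account must be annotated with the ARN of the expected role.
    $arn = $ServiceAccount.metadata.annotations.'eks.amazonaws.com/role-arn'
    if (-not $arn) { $findings += 'service account has no eks.amazonaws.com/role-arn annotation' }
    elseif ($arn -notlike "*/$RoleName") { $findings += "annotation points at unexpected role: $arn" }

    # 2. Every web-identity statement must pin the token 'sub' claim to this one
    #    service account with StringEquals (a StringLike wildcard would be broader).
    $stmts = @($TrustPolicy.Statement | Where-Object { $_.Action -contains 'sts:AssumeRoleWithWebIdentity' })
    if (-not $stmts) { $findings += 'trust policy has no sts:AssumeRoleWithWebIdentity statement' }
    foreach ($s in $stmts) {
        $eq  = $s.Condition.StringEquals
        $sub = if ($eq) { ($eq.PSObject.Properties | Where-Object Name -like '*:sub').Value }
        if (@($sub).Count -ne 1 -or $sub -ne $expectedSub) {
            $findings += "sub condition is not pinned to $expectedSub (found: $($sub -join ', '))"
        }
    }
    return ,$findings
}

$sa = @'
{"metadata":{"name":"SERVICE-ACCOUNT-NAME","namespace":"default",
 "annotations":{"eks.amazonaws.com/role-arn":"arn:aws:iam::111122223333:role/spe-sa-role"}}}
'@ | ConvertFrom-Json
$policy = @'
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"Federated":"arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID"},
 "Action":"sts:AssumeRoleWithWebIdentity",
 "Condition":{"StringEquals":{
  "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID:sub":"system:serviceaccount:default:SERVICE-ACCOUNT-NAME",
  "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID:aud":"sts.amazonaws.com"}}}]}
'@ | ConvertFrom-Json

$result = Test-IrsaBinding -ServiceAccount $sa -TrustPolicy $policy `
    -Namespace 'default' -Name 'SERVICE-ACCOUNT-NAME' -RoleName 'spe-sa-role'
if ($result.Count -eq 0) { 'OK: role is bound to exactly this service account' } else { $result }
```

Against a live cluster, replace the constructed samples with the output of `kubectl get serviceaccount $service_account -n $sa_namespace -o json | ConvertFrom-Json` and `aws iam get-role --role-name $spe_aws_connector_role_name --query 'Role.AssumeRolePolicyDocument' --output json | ConvertFrom-Json`.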