You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
EKS Pod Identity automatically injects the AWS_CONTAINER_CREDENTIALS_FULL_URI and AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variables into pods. These are supported by AWS SDKs independently of Pod Identity and have been used in ECS for a long time. This mechanism is called Container credential provider: https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html
@jonsbun thanks for the details. I don't think there is any intentional ignoring/skipping here, so much as nobody has taken the time to add this. I'm certainly open to help with a PR if you are interested in using this. Just let me know if I can help in any way.
AWS introduced EKS Pod Identity last year: https://aws.amazon.com/blogs/aws/amazon-eks-pod-identity-simplifies-iam-permissions-for-applications-on-amazon-eks-clusters/
EKS Pod Identity automatically injects the AWS_CONTAINER_CREDENTIALS_FULL_URI and AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variables into pods. These are supported by AWS SDKs independently of Pod Identity and have been used in ECS for a long time. This mechanism is called Container credential provider: https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html
However, if I am understand correctly, https://github.com/fog/fog-aws/blob/master/lib/fog/aws/credential_fetcher.rb is ignoring these environment variables at this moment.
Explanation how EKS Pod Identity works: https://securitylabs.datadoghq.com/articles/eks-pod-identity-deep-dive/
The text was updated successfully, but these errors were encountered: