Specifying an IAM Role for Service Account

In the previous step, we created the IAM role that is associated with a service account named iam-test in the cluster.

First, let’s verify your service account iam-test exists

kubectl get sa iam-test

iam-test   1         5m

Make sure your service account with the ARN of the IAM role is annotated

kubectl describe sa iam-test

Name:                iam-test
Namespace:           default
Labels:              app.kubernetes.io/managed-by=eksctl
Annotations:         eks.amazonaws.com/role-arn: arn:aws:iam::40XXXXXXXX75:role/eksctl-sandbox-addon-iamserviceaccount-defau-Role1-1B37L4A1UEXYS
Image pull secrets:  <none>
Mountable secrets:   iam-test-token-zbk55
Tokens:              iam-test-token-zbk55
Events:              <none>