Preparation

Enabling IAM Roles for Service Accounts on your Cluster

  • The IAM roles for service accounts feature is available on new Amazon EKS Kubernetes version 1.14 clusters, and clusters that were updated to versions 1.14 or 1.13 on or after September 3rd, 2019.

If your EKS cluster version is lower or does not match with above, please read the updating an Amazon EKS Cluster section in the User Guide.

kubectl version --short

If your aws cli version is lower than 1.18.15, use Installing the AWS CLI in the User Guide

aws --version


aws-cli/1.18.15 Python/2.7.16 Linux/4.14.133-88.112.amzn1.x86_64 botocore/1.12.228
Retrieve OpenID Connect issuer URL:
aws eks describe-cluster --name eksworkshop-eksctl --query cluster.identity.oidc.issuer --output text


https://oidc.eks.{AWS_REGION}.amazonaws.com/id/D48675832CA65BD10A532F59741CF90B