Modify IAM Role

In order for the X-Ray daemon to communicate with the service, we need to create a Kubernetes service account and attach an AWS Identity and Access Management (IAM) role and policy with sufficient permissions.

If you have not completed the IAM Roles for Service Accounts lab, please complete the Create an OIDC identity provider step now. You do not need to complete any other sections of that lab.

Create the service account for X-Ray.

eksctl create iamserviceaccount --name xray-daemon --namespace default --cluster eksworkshop-eksctl --attach-policy-arn arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess --approve --override-existing-serviceaccounts

Apply a label to the service account.

kubectl label serviceaccount xray-daemon app=xray-daemon
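
To confirm that the role created above can be assumed only by the xray-daemon service account in the default namespace, you can inspect its trust policy. The following is an added example, not part of the original workshop; the function name, account ID, region and OIDC provider ID are assumptions, and the sample policy is constructed.

```python
import json

# Constructed sample trust policy for an IAM Roles for Service Accounts role.
# The account ID, region and OIDC provider ID below are placeholders.
OIDC = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0123456789"
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC}:sub": "system:serviceaccount:default:xray-daemon",
            f"{OIDC}:aud": "sts.amazonaws.com",
        }},
    }],
}

def as_list(value):
    """IAM allows a single item or a list in several places; normalise to a list."""
    return value if isinstance(value, list) else [value]

def irsa_findings(policy, namespace, name):
    """Return a list of problems; an empty list means the role is pinned to one service account."""
    expected_sub = f"system:serviceaccount:{namespace}:{name}"
    stmts = [s for s in as_list(policy.get("Statement", []))
             if s.get("Effect") == "Allow"
             and "sts:AssumeRoleWithWebIdentity" in as_list(s.get("Action", []))]
    if not stmts:
        return ["no statement allows sts:AssumeRoleWithWebIdentity"]
    findings = []
    for stmt in stmts:
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        subs = {k: v for k, v in exact.items() if k.endswith(":sub")}
        if not subs and any(k.endswith(":sub") for op in cond.values() for k in op):
            findings.append("sub is matched with a non-exact operator such as StringLike")
        elif not subs:
            findings.append("no sub condition: any service account in the cluster can assume the role")
        for value in subs.values():
            if value != expected_sub:
                findings.append(f"sub is {value!r}, expected {expected_sub!r}")
        if not any(k.endswith(":aud") and v == "sts.amazonaws.com" for k, v in exact.items()):
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings

if __name__ == "__main__":
    import sys
    policy = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TRUST_POLICY
    for line in irsa_findings(policy, "default", "xray-daemon") or ["OK: role is pinned to the service account"]:
        print(line)
```

To check the real role, save the output of aws iam get-role --role-name ROLE_NAME --query Role.AssumeRolePolicyDocument to a file and pass the file path as the first argument, where ROLE_NAME is the role eksctl created.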