You're reading from Mastering Elastic Kubernetes Service on AWS Deploy and manage EKS clusters to support cloud-native applications in AWS

Product type Paperback

Published in Jul 2023

Publisher Packt

ISBN-13 9781803231211

Length 448 pages

Edition 1st Edition

Languages

Python

Tools

AWS

Concepts

Cloud Computing

Authors (2):

Yang-Xin Cao

Malcolm Orr

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Getting Started with Amazon EKS

2. Chapter 1: The Fundamentals of Kubernetes and Containers FREE CHAPTER

3. Chapter 2: Introducing Amazon EKS

4. Chapter 3: Building Your First EKS Cluster

5. Chapter 4: Running Your First Application on EKS

6. Chapter 5: Using Helm to Manage a Kubernetes Application

7. Part 2: Deep Dive into EKS

8. Chapter 6: Securing and Accessing Clusters on EKS

9. Chapter 7: Networking in EKS

10. Chapter 8: Managing Worker Nodes on EKS

11. Chapter 9: Advanced Networking with EKS

12. Chapter 10: Upgrading EKS Clusters

13. Part 3: Deploying an Application on EKS

14. Chapter 11: Building Applications and Pushing Them to Amazon ECR

15. Chapter 12: Deploying Pods with Amazon Storage

16. Chapter 13: Using IAM for Granting Access to Applications

17. Chapter 14: Setting Load Balancing for Applications on EKS

18. Chapter 15: Working with AWS Fargate

19. Chapter 16: Working with a Service Mesh

20. Part 4: Advanced EKS Service Mesh and Scaling

21. Chapter 17: EKS Observability

22. Chapter 18: Scaling Your EKS Cluster

23. Chapter 19: Developing on EKS

24. Part 5: Overcoming Common EKS Challenges

25. Chapter 20: Troubleshooting Common Issues

26. Index

Why subscribe?

27. Other Books You May Enjoy

Understanding IRSA

Firstly, let’s look at how IAM role assignment works for standard EC2 instances. In AWS IAM, roles are used to allocate permissions (using one or more policies). A role can be assigned to an EC2 instance using an instance profile, which is simply a container for the IAM role that’s attached to a specific EC2 instance.

Figure 13.1 – EC2 role assignment

When an EC2 instance is created and assigned a role, the AWS platform will automatically create an instance profile. When that instance boots up, it will make a network call to the instance metadata service (IMDS), which runs in the VPC at the well-known address, 169.254.169.254, and query what (if any) instance profile (or role) is assigned to that instance. If one has been assigned, it can retrieve the access credentials, an example of which is shown next. These credentials consist of the access and secret keys, which are used for all AWS API calls and identify the...