How to access resources created via ACK in EKS

Question

I am new to using AWS EKS and I want to build an application which uses some AWS native services like S3 and RDS. I have seen that I can create resources like a S3 bucket and a RDS database using the AWS Controllers for Kubernetes (ACK). But am I seeing it correctly that I still need to create IAM roles and security group rules myself to grant my pods (or the pod's service account) access to these AWS resources? I suppose I could also use the additional ACK controllers for EC2 (for security groups) and IAM (for roles and policies) to also create these from inside my kubernetes manifests, but is there maybe an easier way?

Accepted Answer

When using AWS Controllers for Kubernetes (ACK) to create AWS resources like S3 buckets and RDS databases, you still need to manage the IAM roles and security group rules yourself to grant access to these resources.

To grant your pods or the pod's service account access to AWS resources, you can follow these steps:

1. Create a role with the necessary permissions to access the AWS resources you want to use. You can use the AWS Management Console, AWS CLI, or AWS SDKs to create the IAM role.
2. Attach the IAM role to your EKS worker nodes or use the IAM roles for service accounts feature to associate the IAM role with your pod's service account. This allows your pods to assume the IAM role and access the AWS resources.
3. Configure the necessary security group rules to allow inbound/outbound traffic between your pods and the AWS resources. You can use the AWS Management Console, AWS CLI, or ACK controllers for EC2 to create and manage security groups.

How to access resources created via ACK in EKS

Relevant content