IAM Roles for Service Accounts have many advantages when deploying Flink on

>From AWS documentation:

*With IAM roles for service accounts on Amazon EKS clusters, you can
> associate an IAM role with a Kubernetes service account. This service
> account can then provide AWS permissions to the containers in any pod that
> uses that service account. With this feature, you no longer need to provide
> extended permissions to the worker node IAM role so that pods on that node
> can call AWS APIs.*

As Kubernetes becomes the popular deployment method, I believe we should
support this capability.

In order for IAM Roles for Service Accounts to work, I see two necessary

   - Bump the AWS SDK version to at least:  1.11.623.
   - Add dependency to AWS STS in order for the assume-role to work.

This is relevant for S3 Filesystem & Kinesis modules.

There is already an issue open:

Can I go ahead and create a pull request to add this?


Reply via email to