[
https://issues.apache.org/jira/browse/FLINK-14881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17035501#comment-17035501
]
Rafi Aroch commented on FLINK-14881:
------------------------------------
IAM Roles for Service Accounts have many advantages when deploying Flink on AWS
EKS.
>From AWS documentation:
{quote}_With IAM roles for service accounts on Amazon EKS clusters, you can
associate an IAM role with a Kubernetes service account. This service account
can then provide AWS permissions to the containers in any pod that uses that
service account. With this feature, you no longer need to provide extended
permissions to the worker node IAM role so that pods on that node can call AWS
APIs._{quote}
As Kubernetes becomes the popular deployment method, I believe we should
support this capability.
In order for IAM Roles for Service Accounts to work, I see two necessary
changes:
* Bump the AWS SDK version to at least: 1.11.623.
* Add dependency to AWS STS in order for the assume-role to work.
This is relevant for S3 Filesystem & Kinesis modules.
I tested this change successfully on EKS with S3 filesystem.
Can I proceed with a PR?
> Upgrade AWS SDK to support "IAM Roles for Service Accounts" in AWS EKS
> ----------------------------------------------------------------------
>
> Key: FLINK-14881
> URL: https://issues.apache.org/jira/browse/FLINK-14881
> Project: Flink
> Issue Type: Improvement
> Components: FileSystems
> Reporter: Vincent Chenal
> Priority: Major
>
> In order to use IAM Roles for Service Accounts in AWS EKS, the minimum
> required version of the AWS SDK is 1.11.623.
> [https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
