About aws auto unseal account - which permissions are needed?

tirelibirefe · November 18, 2021, 9:46am

Hello,
I have an eks kubernetes cluster and I would like to install Vault on it by using helm chart.
Regarding to the documentation, in order to auto-unseal Vault on aws-eks, the credentials of an account must be defined as secret.

The documentation doesn’t provide enough information about this account. What kind of IAM account is it? Which permissions are needed?

Also, is this secret created in the same namespace with vault installation?

Could you please advise?

Thanks & Reagrds

aram · November 18, 2021, 10:28am

Duplicate post, see: AWS EKS Auto Unseal

tirelibirefe · November 18, 2021, 10:44am

Not actually.
I created an IAM account but it doesn’t has any permissions. Is this enough to accomplish auto-unseal or should I assign some IAM permissions policies roles etc. to this account?

Topic		Replies	Views
AWS KMS Autounseal without IAM user Vault	5	463	May 13, 2020
Awskms for auto unseal implementation Vault	0	245	November 8, 2022
Can not unseal Vault using Service Account IAM Roles in AWS Vault	3	1898	September 10, 2020
AWS EKS Auto Unseal Vault	9	1862	November 18, 2021
Using AWS instance profiles or IAM policies for awskms unseal and s3 storage Vault	2	409	February 11, 2022

About aws auto unseal account - which permissions are needed?

Related topics