AWS Auth Backend Client on Kubernetes

Hello! I have a quick question. I am setting up the aws auth backend client with Vault hosted on an EKS cluster. EKS can map an IAM role to a Kubernetes service account so I don’t have to give extra policies to the EC2 instance profiles associated with the worker nodes. However, I am having trouble getting that to work and Vault keeps trying to use the instance profile instead. I read the documentation and it just says it supports the usual AWS authentication mechanisms like environment variables. My question is, does Vault currently support EKS IAM roles for Service Accounts?

Yes, it does. I can’t find any documentation on it but this issue talks about it: IAM roles for AWS EKS service accounts not working · Issue #8926 · hashicorp/vault · GitHub

Beautiful! I’ll give it a shot! Thank you very much!

Sincerely,
Peter Sin
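
For the symptom described in the question (Vault falling back to the node instance profile), a check that can be run inside the Vault pod. This is an added example, not part of the thread or of Vault; it assumes the standard `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` variables that EKS injects for IAM roles for service accounts, and the function name `irsa_status` is hypothetical.

```shell
#!/bin/sh
# Added example: report why web-identity (service account) credentials would
# not be picked up by a process in this pod. The AWS SDK credential chain only
# uses the web identity provider when both variables are set and the projected
# token can be read by the current user; otherwise it falls through to later
# providers such as the EC2 instance profile.

irsa_status() {
  # Prints exactly one of:
  #   ok | no-role-arn | no-token-var | token-missing | token-unreadable | token-malformed
  if [ -z "${AWS_ROLE_ARN:-}" ]; then
    echo "no-role-arn"; return 1          # service account not annotated, or webhook did not mutate the pod
  fi
  if [ -z "${AWS_WEB_IDENTITY_TOKEN_FILE:-}" ]; then
    echo "no-token-var"; return 1
  fi
  if [ ! -e "$AWS_WEB_IDENTITY_TOKEN_FILE" ]; then
    echo "token-missing"; return 1        # projected volume not mounted
  fi
  if [ ! -r "$AWS_WEB_IDENTITY_TOKEN_FILE" ]; then
    echo "token-unreadable"; return 1     # file exists but this UID/GID cannot read it
  fi
  # A service account token is a JWT: three segments separated by two dots.
  irsa_dots=$(tr -cd '.' < "$AWS_WEB_IDENTITY_TOKEN_FILE" | wc -c | tr -d ' ')
  if [ "$irsa_dots" -ne 2 ]; then
    echo "token-malformed"; return 1
  fi
  echo "ok"
}
```

Run it as the same user the Vault process runs as, since `token-unreadable` depends on that user's file permissions.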