Last Updated: November 21, 2025
Focus Areas
| Focus |
|---|
| Associate KSA with IAM |
| Audit `aws:SourceAccount` |
Commands & Queries
| Command | Purpose |
|---|---|
| `eksctl utils associate-iam-oidc-provider` | Enable OIDC |
| `aws iam create-role --assume-role-policy-document file://policy.json` | Create role |
| `kubectl annotate sa my-sa eks.amazonaws.com/role-arn=arn` | Link |
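
An added example, not part of the original page: it generates a trust policy suitable for the `policy.json` passed to `create-role`, and audits a trust policy for web-identity statements that are not pinned to a specific service account. The account ID, OIDC issuer and `default` namespace are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed placeholder values (assumptions, not from the page).
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789ABCDEF"
ACCOUNT = "111122223333"

def build_trust_policy(account, issuer, namespace, sa):
    """Trust policy letting exactly one Kubernetes service account assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account}:oidc-provider/{issuer}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{issuer}:sub": f"system:serviceaccount:{namespace}:{sa}",
                f"{issuer}:aud": "sts.amazonaws.com",
            }},
        }],
    }

def audit_trust_policy(policy):
    """Return findings for web-identity statements not pinned to named service accounts."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = st.get("Principal")
        fed = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if not isinstance(fed, str) or ":oidc-provider/" not in fed:
            findings.append(f"statement {i}: principal is not a single IAM OIDC provider")
            continue
        issuer = fed.split(":oidc-provider/", 1)[1]
        cond = st.get("Condition", {})
        exact, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if f"{issuer}:aud" not in exact:
            findings.append(f"statement {i}: no exact match on {issuer}:aud")
        if f"{issuer}:sub" in exact:
            continue  # pinned to explicit service account name(s)
        sub = like.get(f"{issuer}:sub")
        if sub is None:
            findings.append(f"statement {i}: no sub condition, any service account can assume")
        elif any(c in str(sub) for c in "*?"):
            findings.append(f"statement {i}: wildcard sub {sub!r}")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_trust_policy(ACCOUNT, ISSUER, "default", "my-sa"), indent=2))
```

Redirect the script's output to `policy.json` to use it with the `create-role` command above.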
Summary
IRSA grants pods precise permissions without relying on node-level IAM keys.
💡 Pro Tip:
Rotate IAM bindings when teams change ownership.