Skip to content
Alchemy
GitHubXDiscord

PodIdentityAssociation

The PodIdentityAssociation resource allows you to associate an IAM role with a Kubernetes service account in an Amazon EKS cluster, enabling pods that use the service account to assume the specified IAM role. For more information, refer to the AWS documentation: AWS EKS PodIdentityAssociations.

Minimal Example

Section titled “Minimal Example”

Create a basic PodIdentityAssociation with required properties.

import AWS from "alchemy/aws/control";


const podIdentityAssociation = await AWS.EKS.PodIdentityAssociation("myPodIdentityAssociation", {
  ServiceAccount: "my-service-account",
  ClusterName: "my-eks-cluster",
  RoleArn: "arn:aws:iam::123456789012:role/myEKSRole",
  Namespace: "default"
});

Advanced Configuration

Section titled “Advanced Configuration”

Add tags to your PodIdentityAssociation for better resource management.

const taggedPodIdentityAssociation = await AWS.EKS.PodIdentityAssociation("taggedPodIdentityAssociation", {
  ServiceAccount: "my-service-account",
  ClusterName: "my-eks-cluster",
  RoleArn: "arn:aws:iam::123456789012:role/myEKSRole",
  Namespace: "default",
  Tags: [
    { Key: "Environment", Value: "Production" },
    { Key: "Team", Value: "DevOps" }
  ]
});

Error Handling and Adoption

Section titled “Error Handling and Adoption”

Create a PodIdentityAssociation and adopt an existing resource if it already exists.

const adoptPodIdentityAssociation = await AWS.EKS.PodIdentityAssociation("adoptedPodIdentityAssociation", {
  ServiceAccount: "my-service-account",
  ClusterName: "my-eks-cluster",
  RoleArn: "arn:aws:iam::123456789012:role/myEKSRole",
  Namespace: "default",
  adopt: true // Adopt existing resource if it exists
});

Specific Use Case: Multiple Associations

Section titled “Specific Use Case: Multiple Associations”

Manage multiple PodIdentityAssociations for different service accounts in the same cluster.

const firstPodIdentityAssociation = await AWS.EKS.PodIdentityAssociation("firstPodIdentityAssociation", {
  ServiceAccount: "service-account-one",
  ClusterName: "my-eks-cluster",
  RoleArn: "arn:aws:iam::123456789012:role/roleOne",
  Namespace: "default"
});


const secondPodIdentityAssociation = await AWS.EKS.PodIdentityAssociation("secondPodIdentityAssociation", {
  ServiceAccount: "service-account-two",
  ClusterName: "my-eks-cluster",
  RoleArn: "arn:aws:iam::123456789012:role/roleTwo",
  Namespace: "default"
});