K
Q

Generate STS token with assume_role_with_web_identity

3/19/2020

I am looking to generate AWS token in my kubernetes pod using AWS_ROLE_ARN & AWS_WEB_IDENTITY_TOKEN_FILE specified in this documentation EKS Service Accounts. Would be able to generate the token using the code below or should I extract the token from AWS_WEB_IDENTITY_TOKEN_FILE before it can be passed as WebIdentityToken?

client = boto3.client('sts')
response = client.assume_role_with_web_identity(
    RoleArn=os.environ['AWS_ROLE_ARN'],
    RoleSessionName='mySession',
    WebIdentityToken=os.environ['AWS_WEB_IDENTITY_TOKEN_FILE']
)
-- Punter Vicky
amazon-eks
aws-sts
boto3
kubernetes
python

Similar Questions

How do I get the real user ip when using graphl, kubernetes and docker?
Does it make sense to run multiple similar processes in a container?
Can't understand nginx.ingress.kubernetes.io/app-root: "/identity" with multiple services under it
Speed difference through Google cloud load balancer

0 Answers