What is IRSA (IAM Roles for Service Accounts)?
EKS feature that allows Kubernetes pods to assume AWS IAM roles without node-level credentials.
IRSA (IAM Roles for Service Accounts) is an EKS feature that uses OIDC federation to allow individual Kubernetes service accounts to assume AWS IAM roles. Instead of giving all pods on a node the same IAM permissions via the node instance profile, IRSA allows per-pod AWS permissions. A pod that runs under a service account annotated with an IAM role can call AWS APIs with just that role's permissions. This implements least-privilege access at the pod level.
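The per-pod scoping described above is enforced by the IAM role's trust policy, which matches the `sub` and `aud` claims of the service account's OIDC token. As an added example (not from the original page), this Python check flags trust policies that let more than the intended service account assume the role; the account ID, region, OIDC provider ID, namespace and service account name are constructed placeholders.

```python
# Constructed sample values: account ID, region, OIDC provider ID, namespace and
# service account name are placeholders, not taken from the page.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID"
PROVIDER_ARN = "arn:aws:iam::111122223333:oidc-provider/" + OIDC

def trust_policy(condition):
    """Build an IRSA-style role trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

AUD = {OIDC + ":aud": "sts.amazonaws.com"}
# Pinned to one service account: namespace "payments", name "s3-reader".
SCOPED = trust_policy({"StringEquals": {
    OIDC + ":sub": "system:serviceaccount:payments:s3-reader", **AUD}})
# Weak variants: wildcard subject, and no subject condition at all.
WILDCARD = trust_policy({"StringEquals": AUD,
                         "StringLike": {OIDC + ":sub": "system:serviceaccount:*:*"}})
NO_SUB = trust_policy({"StringEquals": AUD})

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_irsa_trust(policy):
    """Return findings where the role is not limited to named service accounts."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        actions = as_list(stmt.get("Action", []))
        if (stmt.get("Effect") != "Allow" or not isinstance(federated, str)
                or ":oidc-provider/" not in federated
                or "sts:AssumeRoleWithWebIdentity" not in actions):
            continue  # not an OIDC web-identity trust statement
        issuer = federated.split(":oidc-provider/", 1)[1]
        exact = stmt.get("Condition", {}).get("StringEquals", {})
        like = stmt.get("Condition", {}).get("StringLike", {})
        sub = issuer + ":sub"
        if sub not in exact:  # an exact match on sub is the scoped form
            if sub not in like:
                findings.append("no sub condition: any service account in the cluster matches")
            elif any(c in s for s in as_list(like[sub]) for c in "*?"):
                findings.append("sub uses a wildcard: more than one service account matches")
        if as_list(exact.get(issuer + ":aud", [])) != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings
```
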
More Cloud Terms
ECR (Elastic Container Registry)
AWS's fully managed container image registry service.
EKS (Elastic Kubernetes Service)
AWS's managed Kubernetes service that runs the K8s control plane for you.
Fargate
AWS serverless compute engine for containers — no node management required.
IAM (Identity and Access Management)
AWS service for managing user identities and permissions for cloud resources.
Spot Instance
Unused cloud capacity offered at a discount of up to 90% that can be reclaimed with a 2-minute notice.
VPC (Virtual Private Cloud)
A logically isolated network in the cloud where you launch your cloud resources.