Skip to content

Instantly share code, notes, and snippets.

@codesenju

codesenju/trust-template.json

Created July 5, 2023 16:36
Show Gist options
  • Save codesenju/e0a44617fc2c466d3d3e0b7dbdbacfd7 to your computer and use it in GitHub Desktop.
Save codesenju/e0a44617fc2c466d3d3e0b7dbdbacfd7 to your computer and use it in GitHub Desktop.
Download ZIP
trust-template.json for IRSA
Raw
trust-template.json
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/oidc.eks.${AWS_REGION}.amazonaws.com/id/${OIDC_PROVIDER_ID}"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"oidc.eks.${AWS_REGION}.amazonaws.com/id/${OIDC_PROVIDER_ID}:sub": "system:serviceaccount: ${NS}:${SA}",
"oidc.eks.${AWS_REGION}.amazonaws.com/id/${OIDC_PROVIDER_ID}:aud": "sts.amazonaws.com"
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment