ServiceAccount

class aws_cdk.aws_eks.ServiceAccount(scope, id, *, cluster, annotations=None, labels=None, name=None, namespace=None)

Bases: Construct

Service Account.

ExampleMetadata:: infused

Example:

# or create a new one using an existing issuer url
# issuer_url: str
# you can import an existing provider
provider = eks.OpenIdConnectProvider.from_open_id_connect_provider_arn(self, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC")
provider2 = eks.OpenIdConnectProvider(self, "Provider",
    url=issuer_url
)

cluster = eks.Cluster.from_cluster_attributes(self, "MyCluster",
    cluster_name="Cluster",
    open_id_connect_provider=provider,
    kubectl_role_arn="arn:aws:iam::123456:role/service-role/k8sservicerole"
)

service_account = cluster.add_service_account("MyServiceAccount")

bucket = s3.Bucket(self, "Bucket")
bucket.grant_read_write(service_account)

Parameters:

scope (Construct)
id (str)
cluster (ICluster) – The cluster to apply the patch to.
annotations (Optional[Mapping[str, str]]) – Additional annotations of the service account. Default: - no additional annotations
labels (Optional[Mapping[str, str]]) – Additional labels of the service account. Default: - no additional labels
name (Optional[str]) – The name of the service account. The name of a ServiceAccount object must be a valid DNS subdomain name. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ Default: - If no name is given, it will use the id of the resource.
namespace (Optional[str]) – The namespace of the service account. All namespace names must be valid RFC 1123 DNS labels. https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns Default: “default”

Methods

add_to_policy(statement)

(deprecated) Add to the policy of this principal.

Parameters:: statement (PolicyStatement)
Deprecated:: use addToPrincipalPolicy()
Stability:: deprecated
Return type:: bool

add_to_principal_policy(statement)

Add to the policy of this principal.

Parameters:: statement (PolicyStatement)
Return type:: AddToPrincipalPolicyResult

to_string()

Returns a string representation of this construct.

Return type:: str

Attributes

assume_role_action: When this Principal is used in an AssumeRole policy, the action to use.

grant_principal: The principal to grant permissions to.

node: The construct tree node associated with this construct.

policy_fragment: Return the policy fragment that identifies this principal in a Policy.

role: The role which is linked to the service account.

service_account_name: The name of the service account.

service_account_namespace: The namespace where the service account is located in.

Static Methods

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters:: x (Any)
Return type:: bool