class ServiceAccount (construct)
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.EKS.ServiceAccount |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awseks#ServiceAccount |
![]() | software.amazon.awscdk.services.eks.ServiceAccount |
![]() | aws_cdk.aws_eks.ServiceAccount |
![]() | aws-cdk-lib » aws_eks » ServiceAccount |
Implements
IConstruct
, IDependable
, IPrincipal
, IGrantable
Service Account.
Example
// you can import an existing provider
const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC');
// or create a new one using an existing issuer url
declare const issuerUrl: string;
const provider2 = new eks.OpenIdConnectProvider(this, 'Provider', {
url: issuerUrl,
});
const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', {
clusterName: 'Cluster',
openIdConnectProvider: provider,
kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole',
});
const serviceAccount = cluster.addServiceAccount('MyServiceAccount');
const bucket = new s3.Bucket(this, 'Bucket');
bucket.grantReadWrite(serviceAccount);
Initializer
new ServiceAccount(scope: Construct, id: string, props: ServiceAccountProps)
Parameters
- scope
Construct
- id
string
- props
Service
Account Props
Construct Props
Name | Type | Description |
---|---|---|
cluster | ICluster | The cluster to apply the patch to. |
annotations? | { [string]: string } | Additional annotations of the service account. |
identity | Identity | The identity type to use for the service account. |
labels? | { [string]: string } | Additional labels of the service account. |
name? | string | The name of the service account. |
namespace? | string | The namespace of the service account. |
cluster
Type:
ICluster
The cluster to apply the patch to.
annotations?
Type:
{ [string]: string }
(optional, default: no additional annotations)
Additional annotations of the service account.
identityType?
Type:
Identity
(optional, default: IdentityType.IRSA)
The identity type to use for the service account.
labels?
Type:
{ [string]: string }
(optional, default: no additional labels)
Additional labels of the service account.
name?
Type:
string
(optional, default: If no name is given, it will use the id of the resource.)
The name of the service account.
The name of a ServiceAccount object must be a valid DNS subdomain name. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
namespace?
Type:
string
(optional, default: "default")
The namespace of the service account.
All namespace names must be valid RFC 1123 DNS labels. https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns
Properties
Name | Type | Description |
---|---|---|
assume | string | When this Principal is used in an AssumeRole policy, the action to use. |
grant | IPrincipal | The principal to grant permissions to. |
node | Node | The tree node. |
policy | Principal | Return the policy fragment that identifies this principal in a Policy. |
role | IRole | The role which is linked to the service account. |
service | string | The name of the service account. |
service | string | The namespace where the service account is located in. |
assumeRoleAction
Type:
string
When this Principal is used in an AssumeRole policy, the action to use.
grantPrincipal
Type:
IPrincipal
The principal to grant permissions to.
node
Type:
Node
The tree node.
policyFragment
Type:
Principal
Return the policy fragment that identifies this principal in a Policy.
role
Type:
IRole
The role which is linked to the service account.
serviceAccountName
Type:
string
The name of the service account.
serviceAccountNamespace
Type:
string
The namespace where the service account is located in.
Methods
Name | Description |
---|---|
add | Add to the policy of this principal. |
to | Returns a string representation of this construct. |
addToPrincipalPolicy(statement)
public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult
Parameters
- statement
Policy
Statement
Returns
Add to the policy of this principal.
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.