/AWS1/CL_EKAASSUMEROLEFORPOD01

AssumeRoleForPodIdentityResponse

CONSTRUCTOR

IMPORTING

Required arguments:

IO_SUBJECT TYPE REF TO /AWS1/CL_EKASUBJECT

The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.

IV_AUDIENCE TYPE /AWS1/EKASTRING

The identity that is allowed to use the credentials. This value is always pods.eks.amazonaws.com.

IO_PODIDENTITYASSOCIATION TYPE REF TO /AWS1/CL_EKAPODIDASSOCIATION

The Amazon Resource Name (ARN) and ID of the EKS Pod Identity association.

IO_ASSUMEDROLEUSER TYPE REF TO /AWS1/CL_EKAASSUMEDROLEUSER

An object with the permanent IAM role identity and the temporary session name.

The ARN of the IAM role that the temporary credentials authenticate to.

The session name of the temporary session requested to STS. The value is a unique identifier that contains the role ID, a colon (:), and the role session name of the role that is being assumed. The role ID is generated by IAM when the role is created. The role session name part of the value follows this format: eks-clustername-podname-random UUID

IO_CREDENTIALS TYPE REF TO /AWS1/CL_EKACREDENTIALS

The Amazon Web Services Signature Version 4 type of temporary credentials.


Queryable Attributes

subject

The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.

Accessible with the following methods

Method Description
GET_SUBJECT() Getter for SUBJECT

audience

The identity that is allowed to use the credentials. This value is always pods.eks.amazonaws.com.

Accessible with the following methods

Method Description
GET_AUDIENCE() Getter for AUDIENCE, with configurable default
ASK_AUDIENCE() Getter for AUDIENCE w/ exceptions if field has no value
HAS_AUDIENCE() Determine if AUDIENCE has a value

podIdentityAssociation

The Amazon Resource Name (ARN) and ID of the EKS Pod Identity association.

Accessible with the following methods

Method Description
GET_PODIDENTITYASSOCIATION() Getter for PODIDENTITYASSOCIATION

assumedRoleUser

An object with the permanent IAM role identity and the temporary session name.

The ARN of the IAM role that the temporary credentials authenticate to.

The session name of the temporary session requested to STS. The value is a unique identifier that contains the role ID, a colon (:), and the role session name of the role that is being assumed. The role ID is generated by IAM when the role is created. The role session name part of the value follows this format: eks-clustername-podname-random UUID

Accessible with the following methods

Method Description
GET_ASSUMEDROLEUSER() Getter for ASSUMEDROLEUSER

credentials

The Amazon Web Services Signature Version 4 type of temporary credentials.

Accessible with the following methods

Method Description
GET_CREDENTIALS() Getter for CREDENTIALS