OIDC Provider (OpenID Connect)

What it is: An identity provider integration that allows EKS to issue identities for service accounts.

What it’s for:

  • Let AWS STS trust Kubernetes service account tokens.
  • Enable IRSA (IAM Roles for Service Accounts) securely.

Key ideas:

  • OIDC is used to validate the identity of the service account.
  • The trust policy on the IAM role references the OIDC provider and uses conditions to restrict which tokens it accepts.
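
An added example, not part of the original notes: a small audit that checks whether an IRSA trust policy scopes the OIDC provider with `sub` and `aud` conditions. The account ID, region, provider ID, namespace `payments` and service account `api` are constructed placeholders, and the finding names are hypothetical.

```python
# Constructed sample values: account ID, region and provider ID are placeholders.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789ABCDEF"
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"

def trust_policy(conditions):
    """Build an IRSA trust policy with the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": conditions}]}

# Scoped: only one service account in one namespace, with the STS audience.
SCOPED = trust_policy({"StringEquals": {
    f"{ISSUER}:sub": "system:serviceaccount:payments:api",
    f"{ISSUER}:aud": "sts.amazonaws.com"}})
# Weak: no sub condition, so any service account in the cluster can assume the role.
UNSCOPED = trust_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})
# Weak: wildcard sub matches every service account in every namespace.
WILDCARD = trust_policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"},
                         "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})

def audit(policy):
    """Return findings for statements that trust an OIDC provider too broadly."""
    findings = []
    stmts = policy.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        principal = stmt.get("Principal", {})
        fed = principal.get("Federated", "") if isinstance(principal, dict) else ""
        for arn in [fed] if isinstance(fed, str) else fed:
            if ":oidc-provider/" not in arn or stmt.get("Effect") != "Allow":
                continue
            issuer = arn.split(":oidc-provider/", 1)[1]
            keys = {}  # lower-cased condition key -> (operator, list of values)
            for op, pairs in stmt.get("Condition", {}).items():
                for k, v in pairs.items():
                    keys[k.lower()] = (op, v if isinstance(v, list) else [v])
            sub = keys.get(f"{issuer}:sub".lower())
            if sub is None:
                findings.append("missing-sub")
            elif "Like" in sub[0] and any("*" in v or "?" in v for v in sub[1]):
                findings.append("wildcard-sub")
            if f"{issuer}:aud".lower() not in keys:
                findings.append("missing-aud")
    return findings
```
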

Exam cues:

  • “IRSA requires OIDC provider” → yes, OIDC is essential.

Hard words:

  • *provider* /prəˈvaɪdər/: supplier
  • *validate* /ˈvælɪdeɪt/: verify
  • *condition* /kənˈdɪʃn/: condition, requirement
aws/containers/eks/oidc.txt · Last modified: by phong2018