What it is: An identity for processes running in a pod in Kubernetes.

What it’s for:

• Provide pod-level identity inside Kubernetes.
• When combined with IRSA, map pods to AWS IAM roles.

Key ideas:

• Not the same as IAM user/role, but can be mapped to them (IRSA).
• Used for least privilege at pod level.

Exam cues:

• “pod identity” → service account.
• “different permissions per microservice pod” → different service accounts + IRSA.

Hard words:

• *identity* /aɪˈdentəti/: danh tính
• *map* /mæp/: ánh xạ