Wiki.Quizz.vn - aws:containers:eks:pod
https://wiki.quizz.vn/
2026-04-15T19:53:56+00:00Wiki.Quizz.vn
https://wiki.quizz.vn/
https://wiki.quizz.vn/lib/exe/fetch.php?media=wiki:dokuwiki.svgtext/html2025-12-28T07:49:15+00:00Anonymous (anonymous@undisclosed.example.com)aws-permissions
https://wiki.quizz.vn/doku.php?id=aws:containers:eks:pod:aws-permissions&rev=1766908155&do=diff
Pod AWS Permissions (Node Role vs IRSA)
What it is: How a Pod gets permissions to call AWS APIs (S3, DynamoDB, etc.).
What it’s for:
* Enforce least privilege for each workload.
Two common models:
1) Node IAM Role (EC2 Instance Profile)
*text/html2025-12-28T07:49:37+00:00Anonymous (anonymous@undisclosed.example.com)networking
https://wiki.quizz.vn/doku.php?id=aws:containers:eks:pod:networking&rev=1766908177&do=diff
Pod Networking Basics
What it is: How Pods communicate with each other and the outside network in Kubernetes/EKS.
What it’s for:
* Enable service-to-service communication in a microservices architecture.
* Control traffic using Kubernetes Services and network policies (when available).text/html2025-12-28T08:03:23+00:00Anonymous (anonymous@undisclosed.example.com)no-direct-iam-policy
https://wiki.quizz.vn/doku.php?id=aws:containers:eks:pod:no-direct-iam-policy&rev=1766909003&do=diff
EKS Pods: No “Direct IAM Policy on Pod”
What it is: Clarification that AWS does not natively attach an IAM *policy* directly to a Pod.
What it’s for:
* Correct a common misconception in exam answers.
Key ideas:
* In EKS, the standard least-privilege approach is:text/html2025-12-28T07:48:55+00:00Anonymous (anonymous@undisclosed.example.com)service-account-binding
https://wiki.quizz.vn/doku.php?id=aws:containers:eks:pod:service-account-binding&rev=1766908135&do=diff
Pod ↔ Service Account Binding
What it is: The relationship between a Pod and the Kubernetes Service Account (SA) it uses.
What it’s for:
* Decide which identity the Pod uses inside Kubernetes.
* Enable mapping from Pod → SA → IAM Role (with IRSA).