ServiceAccount

class aws_cdk.aws_eks.ServiceAccount(scope, id, *, cluster, name=None, namespace=None)

Bases: aws_cdk.core.Construct

Service Account.

Example:

# cluster is of type Cluster

# add service account
service_account = cluster.add_service_account("MyServiceAccount")

bucket = s3.Bucket(self, "Bucket")
bucket.grant_read_write(service_account)

mypod = cluster.add_manifest("mypod", {
    "api_version": "v1",
    "kind": "Pod",
    "metadata": {"name": "mypod"},
    "spec": {
        "service_account_name": service_account.service_account_name,
        "containers": [{
            "name": "hello",
            "image": "paulbouwer/hello-kubernetes:1.5",
            "ports": [{"container_port": 8080}]
        }
        ]
    }
})

# create the resource after the service account.
mypod.node.add_dependency(service_account)

# print the IAM role arn for this service account
CfnOutput(self, "ServiceAccountIamRole", value=service_account.role.role_arn)
Parameters
  • scope (Construct) –

  • id (str) –

  • cluster (ICluster) – The cluster to apply the patch to.

  • name (Optional[str]) – The name of the service account. Default: - If no name is given, it will use the id of the resource.

  • namespace (Optional[str]) – The namespace of the service account. Default: “default”

Methods

add_to_policy(statement)

(deprecated) (deprecated) Add to the policy of this principal.

Parameters

statement (PolicyStatement) –

Deprecated

use addToPrincipalPolicy()

Stability

deprecated

Return type

bool

add_to_principal_policy(statement)

Add to the policy of this principal.

Parameters

statement (PolicyStatement) –

Return type

AddToPrincipalPolicyResult

to_string()

Returns a string representation of this construct.

Return type

str

Attributes

assume_role_action

When this Principal is used in an AssumeRole policy, the action to use.

Return type

str

grant_principal

The principal to grant permissions to.

Return type

IPrincipal

node

The construct tree node associated with this construct.

Return type

ConstructNode

policy_fragment

Return the policy fragment that identifies this principal in a Policy.

Return type

PrincipalPolicyFragment

role

The role which is linked to the service account.

Return type

IRole

service_account_name

The name of the service account.

Return type

str

service_account_namespace

The namespace where the service account is located in.

Return type

str

Static Methods

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters

x (Any) –

Return type

bool