ServiceAccount

class aws_cdk.aws_eks.ServiceAccount(scope, id, *, cluster, annotations=None, labels=None, name=None, namespace=None)

Bases: Construct

Service Account.

ExampleMetadata:

infused

Example:

# or create a new one using an existing issuer url
# issuer_url: str
# you can import an existing provider
provider = eks.OpenIdConnectProvider.from_open_id_connect_provider_arn(self, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC")
provider2 = eks.OpenIdConnectProvider(self, "Provider",
    url=issuer_url
)

cluster = eks.Cluster.from_cluster_attributes(self, "MyCluster",
    cluster_name="Cluster",
    open_id_connect_provider=provider,
    kubectl_role_arn="arn:aws:iam::123456:role/service-role/k8sservicerole"
)

service_account = cluster.add_service_account("MyServiceAccount")

bucket = s3.Bucket(self, "Bucket")
bucket.grant_read_write(service_account)
Parameters:

Methods

add_to_policy(statement)

(deprecated) Add to the policy of this principal.

Parameters:

statement (PolicyStatement) –

Deprecated:

use addToPrincipalPolicy()

Stability:

deprecated

Return type:

bool

add_to_principal_policy(statement)

Add to the policy of this principal.

Parameters:

statement (PolicyStatement) –

Return type:

AddToPrincipalPolicyResult

to_string()

Returns a string representation of this construct.

Return type:

str

Attributes

assume_role_action

When this Principal is used in an AssumeRole policy, the action to use.

grant_principal

The principal to grant permissions to.

node

The construct tree node associated with this construct.

policy_fragment

Return the policy fragment that identifies this principal in a Policy.

role

The role which is linked to the service account.

service_account_name

The name of the service account.

service_account_namespace

The namespace where the service account is located in.

Static Methods

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters:

x (Any) –

Return type:

bool