Use a supported AWS SDK

When using EKS Pod Identities, the containers in your Pods must use an AWS SDK version that supports assuming an IAM role from the EKS Pod Identity Agent. Make sure that you're using the following versions, or later, for your AWS SDK:

• Java (Version 2) – 2.21.30

• Java – 1.12.746

• Go v1 – v1.47.11

• Go v2 – release-2023-11-14

• Python (Boto3) – 1.34.41

• Python (botocore) – 1.34.41

• AWS CLI – 1.30.0

  AWS CLI – 2.15.0

• JavaScript v2 – 2.1550.0

• JavaScript v3 – v3.458.0

• Kotlin – v1.0.1

• Ruby – 3.188.0

• Rust – release-2024-03-13

• C++ – 1.11.263

• .NET – 3.7.734.0

• PowerShell – 4.1.502

• PHP – 3.287.1

To ensure that you're using a supported SDK, follow the installation instructions for your preferred SDK at Tools to Build on AWS when you build your containers.

For a list of add-ons that support EKS Pod Identity, see Add-on versions compatible with EKS Pod Identity.

Using EKS Pod Identity credentials

To use the credentials from a EKS Pod Identity association, your code can use any AWS SDK to create a client for an AWS service with an SDK, and by default the SDK searches in a chain of locations for AWS Identity and Access Management credentials to use. The EKS Pod Identity credentials will be used if you don't specify a credential provider when you create the client or otherwise initialized the SDK.

This works because EKS Pod Identities have been added to the Container credential provider which is searched in a step in the default credential chain. If your workloads currently use credentials that are earlier in the chain of credentials, those credentials will continue to be used even if you configure an EKS Pod Identity association for the same workload.

For more information about how EKS Pod Identities work, see How EKS Pod Identity works.