{"id":4087,"date":"2019-05-29T17:15:07","date_gmt":"2019-05-29T14:15:07","guid":{"rendered":"https:\/\/www.systemcodegeeks.com\/?p=4087"},"modified":"2019-05-29T11:40:41","modified_gmt":"2019-05-29T08:40:41","slug":"protecting-aws-eks-kube2iam","status":"publish","type":"post","link":"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/","title":{"rendered":"Protecting your AWS from EKS with kube2iam"},"content":{"rendered":"\n<p>I really like Kubernetes; I\u2019ve been following it almost since its inception 5 years ago and used it successfully in the past 3+ years in several projects. It isn\u2019t without challenges (esp. around managing state) but it is definitely getting better with each release. Moving to a new company, it is no wonder I introduced Kubernetes into our architecture from the get-go.<\/p>\n\n\n\n<p>One thing different in this project though, is that I am now running Kubernetes in the cloud (AWS for now), whereas in the last two times the target use was on-prem. Using Kubernetes in the cloud alleviates some of the pains we had to deal with when self-hosting it, like installation, control plane availability, etc. but it also introduces some new challenges \u2013 one such challenge is around security.<\/p>\n\n\n\n<p>There are many ways to protect the inter-pod\/service communications inside Kubernetes (maybe I\u2019ll dedicate another post for that) \u2013 the problem here is different, it is controlling security between the different pods and other AWS assets (like RDS, S3, other EKS clusters, etc.).<\/p>\n\n\n\n<p>One way to handle security in AWS is to associate an AWS role with an instance. That works well in the \u201cclassic\u201d AWS setup since different instances (or groups of instances) host different services. 
This is not the case when using Kubernetes: now we have multiple types of services (internal and external) running on the same node \u2013 if the node has the maximal set of permissions we\u2019re not only violating the \u201cleast privileges principle\u201d for our own services, we\u2019re probably also exposing our AWS resources to 3rd party pods we\u2019re running on the same nodes.<\/p>\n\n\n\n<p>It seems that one possible solution is to set the node permissions to something minimal and to use AWS key pairs for each service. This has 2 problems \u2013 one is that the nodes still need some privileges to be part of the Kubernetes cluster; the other is that it is a major headache to store and distribute the key pairs in a secure manner (e.g. making sure they don\u2019t end up hard-coded in source code; making sure they are not propagated to pods as plain text; etc.).<\/p>\n\n\n\n<p>Luckily, there\u2019s a better approach \u2013 one that brings the IAM-based approach from regular EC2 instances to the pod level. There are a couple of tools, that I know of, that support this, namely <a href=\"https:\/\/github.com\/jtblin\/kube2iam\">kube2iam<\/a> and <a href=\"https:\/\/github.com\/uswitch\/kiam\">kiam<\/a> (you can read a nice comparison of the two <a href=\"https:\/\/www.bluematador.com\/blog\/iam-access-in-kubernetes-kube2iam-vs-kiam\">here<\/a>).<\/p>\n\n\n\n<p>Though they work a little differently, they are both based on the same approach:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>You set nodes with permission to assume (some) roles<\/li><li>You configure permission for pods by using annotations on the Kubernetes deployment yaml<\/li><li>The tool proxies and intercepts calls to the AWS EC2 metadata API and provides temporary credentials by assuming the role in the annotation<\/li><\/ul>\n\n\n\n<p>and presto \u2013 your pod only has the privileges it was configured with.<\/p>\n\n\n\n<p>To get this magic going you need to do 3 things:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>set up permissions (roles and 
policies)<\/li><li>install kube2iam<\/li><li>annotate your pod deployments<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Set up permissions<\/h3>\n\n\n\n<p>The biggest problem for me was setting the permissions right. To do that you:<\/p>\n\n\n\n<p>1. add a new policy with the sts:AssumeRole permission<\/p>\n\n\n\n<div>\n<div id=\"highlighter_119237\" class=\"syntaxhighlighter  c\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"c plain\">{<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Version\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"2012-10-17\"<\/code><code class=\"c plain\">,<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Statement\"<\/code><code class=\"c plain\">: [<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">{<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Sid\"<\/code><code class=\"c plain\">: 
<\/code><code class=\"c string\">\"\"<\/code><code class=\"c plain\">,<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Effect\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"Allow\"<\/code><code class=\"c plain\">,<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Action\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"sts:AssumeRole\"<\/code><code class=\"c plain\">,<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Resource\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"arn:aws:iam::your-account-id:role\/prefix*\"<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">}<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">]<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"c plain\">}<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>Note that you can (and should) limit the resources that services can assume by specifying a resource prefix<\/p>\n\n\n\n<p>2. find what role is used by the worker nodes in your cluster and add to it the policy from step 1<\/p>\n\n\n\n<p>3. 
for each role that you define and want pods to use you also need to add a trust relationship that allows the worker nodes\u2019 role to assume it<\/p>\n\n\n\n<div>\n<div id=\"highlighter_141747\" class=\"syntaxhighlighter  c\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<div class=\"line number18 index17 alt1\">18<\/div>\n<div class=\"line number19 index18 alt2\">19<\/div>\n<div class=\"line number20 index19 alt1\">20<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"c plain\">{<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Version\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"2012-10-17\"<\/code><code class=\"c plain\">,<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Statement\"<\/code><code class=\"c plain\">: [<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"c 
spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">{<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Effect\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"Allow\"<\/code><code class=\"c plain\">,<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Principal\"<\/code><code class=\"c plain\">: {<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Service\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"ec2.amazonaws.com\"<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">},<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Action\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"sts:AssumeRole\"<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">},<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">{<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Sid\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"\"<\/code><code class=\"c plain\">,<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Effect\"<\/code><code class=\"c plain\">: 
<\/code><code class=\"c string\">\"Allow\"<\/code><code class=\"c plain\">,<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Principal\"<\/code><code class=\"c plain\">: {<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"AWS\"<\/code><code class=\"c plain\">: \"arn:aws:iam::your-account-id:role\/worker-node-role\"<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">},<\/code><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c string\">\"Action\"<\/code><code class=\"c plain\">: <\/code><code class=\"c string\">\"sts:AssumeRole\"<\/code><\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">}<\/code><\/div>\n<div class=\"line number19 index18 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">]<\/code><\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"c spaces\">&nbsp;<\/code><code class=\"c plain\">}<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Installing kube2iam<\/h3>\n\n\n\n<p>The kube2iam site has instructions on installing it \u2013 but I found it was easier to install it using helm:<\/p>\n\n\n\n<div>\n<div id=\"highlighter_355125\" class=\"syntaxhighlighter  c\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"c plain\">helm install 
stable\/kube2iam --name dev-kube2iam --<\/code><code class=\"c keyword bold\">namespace<\/code> <code class=\"c plain\">kube-<\/code><code class=\"c functions bold\">system<\/code> <code class=\"c plain\">-f .\/kube2iam.config.yaml<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>where the config file is:<\/p>\n\n\n\n<div>\n<div id=\"highlighter_346557\" class=\"syntaxhighlighter  c\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"c plain\">aws:<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">region: <\/code><code class=\"c string\">\"your-aws-region\"<\/code><\/div>\n<div class=\"line number3 index2 alt2\">&nbsp;<\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"c plain\">extraArgs:<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c keyword bold\">auto<\/code><code class=\"c plain\">-discover-base-arn: <\/code><code class=\"c keyword bold\">true<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code 
class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c keyword bold\">auto<\/code><code class=\"c plain\">-discover-<\/code><code class=\"c keyword bold\">default<\/code><code class=\"c plain\">-role: <\/code><code class=\"c keyword bold\">true<\/code><\/div>\n<div class=\"line number7 index6 alt2\">&nbsp;<\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"c preprocessor\"># Won't work with Calico<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"c plain\">host:<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">iptables: <\/code><code class=\"c keyword bold\">true<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">interface: eni+<\/code><\/div>\n<div class=\"line number12 index11 alt1\">&nbsp;<\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"c plain\">rbac:<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">create: <\/code><code class=\"c keyword bold\">true<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Setting roles for helm charts<\/h3>\n\n\n\n<p>Lastly, you need to annotate your deployments with &nbsp;iam.amazonaws.com\/role:<\/p>\n\n\n\n<div>\n<div id=\"highlighter_225073\" class=\"syntaxhighlighter  c\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 
index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"c plain\">apiVersion: v1<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"c plain\">kind: Pod<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"c plain\">metadata:<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">name: aws-cli<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">labels:<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">name: aws-cli<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">annotations:<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">iam.amazonaws.com\/role: role-arn<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"c plain\">spec:<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">containers:<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">- image: fstab\/aws-cli<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c 
plain\">command:<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">- <\/code><code class=\"c string\">\"\/home\/aws\/aws\/env\/bin\/aws\"<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">- <\/code><code class=\"c string\">\"s3\"<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">- <\/code><code class=\"c string\">\"ls\"<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">- <\/code><code class=\"c string\">\"some-bucket\"<\/code><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">name: aws-cli<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>Note that the role-arn is the suffix of the ARN, since kube2iam is configured with (or automatically picks up, as above) the ARN prefix.<\/p>\n\n\n\n<p>This works well if you\u2019re deploying your services with kubectl \u2013 we are using helm though \u2013 and so to set the annotation with helm you need to set up the annotation in the pod template, e.g.:<\/p>\n\n\n\n<div>\n<div id=\"highlighter_133447\" class=\"syntaxhighlighter  c\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 
alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"c plain\">spec:<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c plain\">replicas: {{ .Values.replicas }}<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;<\/code><code class=\"c keyword bold\">template<\/code><code class=\"c plain\">:<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">metadata:<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">labels:<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">app: {{ .Chart.Name }}<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">annotations:<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">iam.amazonaws.com\/role: {{ .Values.metadata.role }}<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">spec:<\/code><\/div>\n<div class=\"line number10 
index9 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">containers:<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">- name: {{ .Chart.Name }}<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">image: <\/code><code class=\"c string\">\"{{ .Values.image.repository }}{{ .Values.image.branch }}:{{ .Values.image.tag }}\"<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">imagePullPolicy: {{ .Values.imagePullPolicy }}<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">envFrom:<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">- configMapRef:<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">name: {{ .Chart.Name }}-configmap<\/code><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"c spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"c plain\">ports: [ containerPort: 8000 ]<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n\n\n\n<p>If you got all the way to here, it means you\u2019ve found it interesting \u2013 that\u2019s probably a good time to mention that if you are interested working on similar (and more complex) problems \u2013 we are hiring for several positions (Devs, DevOps and QA 
automation). Offices in Tel-Aviv but if you\u2019re good we\u2019re also open for remote work. &nbsp;Feel free to ping me for more details<\/p>\n\n\n\n<div class=\"attribution\">\n<table>\n<tbody>\n<tr>\n<td>\n<p>Published on System Code Geeks with permission by Arnon Rotem Gal Oz, partner at our <a href=\"\/\/www.systemcodegeeks.com\/join-us\/scg\/\" target=\"_blank\" rel=\"noopener noreferrer\">SCG program<\/a>. See the original article here: <a href=\"https:\/\/arnon.me\/2019\/05\/protecting-eks-with-kube2iam\/\" target=\"_blank\" rel=\"noopener noreferrer\">Protecting your AWS from EKS with kube2iam<\/a><\/p>\n<p>Opinions expressed by System Code Geeks contributors are their own.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>I really like Kubernetes; I\u2019ve been following almost since its inception 5 years ago and used it successfully in the past 3+ years in several projects. It isn\u2019t without challenges (esp. around managing state) but it definitely getting better with each release. Moving to a new company, it is no wonder I introduced Kubernetes into &hellip;<\/p>\n","protected":false},"author":4888,"featured_media":188,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39],"tags":[165,145,173],"class_list":["post-4087","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","tag-aws","tag-kubernetes","tag-open-source"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Protecting your AWS from EKS with kube2iam - System Code Geeks - 2026<\/title>\n<meta name=\"description\" content=\"Interested to learn about kube2iam? 
Check our article introducing kube2iam a tool to protect the inter-pod\/service communications inside Kubernetes\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Protecting your AWS from EKS with kube2iam - System Code Geeks - 2026\" \/>\n<meta property=\"og:description\" content=\"Interested to learn about kube2iam? Check our article introducing kube2iam a tool to protect the inter-pod\/service communications inside Kubernetes\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/\" \/>\n<meta property=\"og:site_name\" content=\"System Code Geeks\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/systemcodegeeks\" \/>\n<meta property=\"article:published_time\" content=\"2019-05-29T14:15:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.systemcodegeeks.com\/wp-content\/uploads\/2016\/01\/devops-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Arnon Rotem Gal Oz\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@systemcodegeeks\" \/>\n<meta name=\"twitter:site\" content=\"@systemcodegeeks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnon Rotem Gal Oz\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/\"},\"author\":{\"name\":\"Arnon Rotem Gal Oz\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/#\/schema\/person\/ca24d3fa6a67e3cde49b408a5ef6fd79\"},\"headline\":\"Protecting your AWS from EKS with kube2iam\",\"datePublished\":\"2019-05-29T14:15:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/\"},\"wordCount\":812,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.systemcodegeeks.com\/wp-content\/uploads\/2016\/01\/devops-logo.jpg\",\"keywords\":[\"AWS\",\"Kubernetes\",\"open source\"],\"articleSection\":[\"DevOps\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/\",\"url\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/\",\"name\":\"Protecting your AWS from EKS with kube2iam - System Code Geeks - 
2026\",\"isPartOf\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.systemcodegeeks.com\/wp-content\/uploads\/2016\/01\/devops-logo.jpg\",\"datePublished\":\"2019-05-29T14:15:07+00:00\",\"description\":\"Interested to learn about kube2iam? Check our article introducing kube2iam a tool to protect the inter-pod\/service communications inside Kubernetes\",\"breadcrumb\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/#primaryimage\",\"url\":\"https:\/\/www.systemcodegeeks.com\/wp-content\/uploads\/2016\/01\/devops-logo.jpg\",\"contentUrl\":\"https:\/\/www.systemcodegeeks.com\/wp-content\/uploads\/2016\/01\/devops-logo.jpg\",\"width\":150,\"height\":150},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.systemcodegeeks.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DevOps\",\"item\":\"https:\/\/www.systemcodegeeks.com\/category\/devops\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Protecting your AWS from EKS with kube2iam\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/#website\",\"url\":\"https:\/\/www.systemcodegeeks.com\/\",\"name\":\"System Code Geeks\",\"description\":\"Operating System Developers Resource 
Center\",\"publisher\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.systemcodegeeks.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/#organization\",\"name\":\"Exelixis Media P.C.\",\"url\":\"https:\/\/www.systemcodegeeks.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.systemcodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png\",\"contentUrl\":\"https:\/\/www.systemcodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png\",\"width\":864,\"height\":246,\"caption\":\"Exelixis Media P.C.\"},\"image\":{\"@id\":\"https:\/\/www.systemcodegeeks.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/systemcodegeeks\",\"https:\/\/x.com\/systemcodegeeks\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/#\/schema\/person\/ca24d3fa6a67e3cde49b408a5ef6fd79\",\"name\":\"Arnon Rotem Gal Oz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.systemcodegeeks.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/90c5419fe75c8db1c623161efa6ba07ddd0d542952e0687a738eb42046ae34d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/90c5419fe75c8db1c623161efa6ba07ddd0d542952e0687a738eb42046ae34d6?s=96&d=mm&r=g\",\"caption\":\"Arnon Rotem Gal Oz\"},\"sameAs\":[\"http:\/\/arnon.me\/\"],\"url\":\"https:\/\/www.systemcodegeeks.com\/author\/arnon-rotem-gal-oz\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Protecting your AWS from EKS with kube2iam - System Code Geeks - 2026","description":"Interested to learn about kube2iam? Check our article introducing kube2iam a tool to protect the inter-pod\/service communications inside Kubernetes","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/","og_locale":"en_US","og_type":"article","og_title":"Protecting your AWS from EKS with kube2iam - System Code Geeks - 2026","og_description":"Interested to learn about kube2iam? Check our article introducing kube2iam a tool to protect the inter-pod\/service communications inside Kubernetes","og_url":"https:\/\/www.systemcodegeeks.com\/devops\/protecting-aws-eks-kube2iam\/","og_site_name":"System Code Geeks","article_publisher":"https:\/\/www.facebook.com\/systemcodegeeks","article_published_time":"2019-05-29T14:15:07+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.systemcodegeeks.com\/wp-content\/uploads\/2016\/01\/devops-logo.jpg","type":"image\/jpeg"}],"author":"Arnon Rotem Gal Oz","twitter_card":"summary_large_image","twitter_creator":"@systemcodegeeks","twitter_site":"@systemcodegeeks","twitter_misc":{"Written by":"Arnon Rotem Gal Oz","Est. 
reading time":"7 minutes"}},"_links":{"self":[{"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/posts\/4087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/users\/4888"}],"replies":[{"embeddable":true,"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/comments?post=4087"}],"version-history":[{"count":0,"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/posts\/4087\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/media\/188"}],"wp:attachment":[{"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/media?parent=4087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/categories?post=4087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.systemcodegeeks.com\/wp-json\/wp\/v2\/tags?post=4087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}