pod_identity_associations
Creates, updates, deletes or gets a pod_identity_association resource or lists pod_identity_associations in a region
Overview
| Name | pod_identity_associations |
| Type | Resource |
| Description | An object representing an Amazon EKS PodIdentityAssociation. |
| Id | aws.eks.pod_identity_associations |
Fields
| Name | Datatype | Description |
|---|---|---|
cluster_name | string | The cluster that the pod identity association is created for. |
role_arn | string | The IAM role ARN that the pod identity association is created for. |
namespace | string | The Kubernetes namespace that the pod identity association is created for. |
service_account | string | The Kubernetes service account that the pod identity association is created for. |
association_arn | string | The ARN of the pod identity association. |
association_id | string | The ID of the pod identity association. |
tags | array | An array of key-value pairs to apply to this resource. |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | ClusterName, RoleArn, Namespace, ServiceAccount, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all pod_identity_associations in a region.
SELECT
region,
cluster_name,
role_arn,
namespace,
service_account,
association_arn,
association_id,
tags
FROM aws.eks.pod_identity_associations
WHERE region = 'us-east-1';
Gets all properties from an individual pod_identity_association.
SELECT
region,
cluster_name,
role_arn,
namespace,
service_account,
association_arn,
association_id,
tags
FROM aws.eks.pod_identity_associations
WHERE region = 'us-east-1' AND data__Identifier = '<AssociationArn>';
INSERT example
Use the following StackQL query and manifest file to create a new pod_identity_association resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.eks.pod_identity_associations (
ClusterName,
RoleArn,
Namespace,
ServiceAccount,
region
)
SELECT
'{{ ClusterName }}',
'{{ RoleArn }}',
'{{ Namespace }}',
'{{ ServiceAccount }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.eks.pod_identity_associations (
ClusterName,
RoleArn,
Namespace,
ServiceAccount,
Tags,
region
)
SELECT
'{{ ClusterName }}',
'{{ RoleArn }}',
'{{ Namespace }}',
'{{ ServiceAccount }}',
'{{ Tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: pod_identity_association
props:
- name: ClusterName
value: '{{ ClusterName }}'
- name: RoleArn
value: '{{ RoleArn }}'
- name: Namespace
value: '{{ Namespace }}'
- name: ServiceAccount
value: '{{ ServiceAccount }}'
- name: Tags
value:
- Key: '{{ Key }}'
Value: '{{ Value }}'
DELETE example
/*+ delete */
DELETE FROM aws.eks.pod_identity_associations
WHERE data__Identifier = '<AssociationArn>'
AND region = 'us-east-1';
Permissions
To operate on the pod_identity_associations resource, the following permissions are required:
Create
eks:CreatePodIdentityAssociation,
eks:DescribePodIdentityAssociation,
eks:TagResource,
iam:PassRole,
iam:GetRole
Read
eks:DescribePodIdentityAssociation
Update
eks:DescribePodIdentityAssociation,
eks:UpdatePodIdentityAssociation,
eks:TagResource,
eks:UntagResource,
iam:PassRole,
iam:GetRole
Delete
eks:DeletePodIdentityAssociation,
eks:DescribePodIdentityAssociation
List
eks:ListPodIdentityAssociations