Support for S3 Buckets in Different Accounts? #129
Comments
Thank you for the request. You’re correct that the current authentication mechanisms are generally designed to share a single IAM role across multiple mounts on a node. The driver will pass the We will keep this request open as a feature to make multiple account access possible or at least easier and share any updates as we have them.
I have the same need
I also would like to point out that it would be very nice to not use the same IAM role to access all S3 buckets, but to be able to specify exactly which role to be used on a per-bucket basis - on par with the feature set of the EFS driver regarding authentication.
Cross-account S3 bucket access is working for me. I used a pod with an IRSA service account, then trusted that IAM principal in the bucket policy.
@EdKingscote we released CSI Driver v1.9.0, which adds support for pod level authentication sources with IRSA. IRSA supports cross-account access. Can you check that this works as you'd expect?
Mountpoint CSI Driver v1.9.0 added support for Pod-level identity. Using this feature you can configure cross-account S3 Bucket access at Pod granularity. We documented cross-account access using both bucket policies and IRSA. See Cross-account bucket access for more details. Closing this issue; please let us know if your use-case isn't covered with the mentioned approaches.
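An added example, not part of the thread or the driver's documentation: a bucket policy that trusts one IRSA role from another account, as the comments above describe, with a check that flags statements trusting more than a single role. The account IDs, role name, bucket name and the choice of S3 actions are constructed assumptions.

```python
import json

# Constructed placeholders; none of these values come from the thread.
POD_ROLE_ARN = "arn:aws:iam::111111111111:role/example-pod-irsa-role"
BUCKET = "example-cross-account-bucket"


def build_bucket_policy(role_arn, bucket):
    """Bucket policy (applied in the bucket owner's account) trusting one pod role."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListForPodRole", "Effect": "Allow",
             "Principal": {"AWS": role_arn},
             "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
            # Assumed workload needs: read and write objects only.
            {"Sid": "ObjectsForPodRole", "Effect": "Allow",
             "Principal": {"AWS": role_arn},
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def audit_principals(policy):
    """Return (sid, principal, reason) for Allow statements with broad principals."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            arns = ["*"]
        elif isinstance(principal, dict):
            arns = principal.get("AWS", [])
            arns = [arns] if isinstance(arns, str) else arns
        else:
            arns = []
        sid = stmt.get("Sid", "<no sid>")
        for arn in arns:
            if arn == "*":
                findings.append((sid, arn, "wildcard principal"))
            elif arn.endswith(":root") or arn.isdigit():
                # Account root or bare account ID trusts every identity in that account.
                findings.append((sid, arn, "whole account trusted, not a single role"))
    return findings


if __name__ == "__main__":
    print(json.dumps(build_bucket_policy(POD_ROLE_ARN, BUCKET), indent=2))
```

The bucket policy is only half of a cross-account grant: the role's own identity policy in its account must allow the same actions on the bucket.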
/feature
I'm looking at running this in a self-hosted K8s environment but desire to access different S3 buckets that are spread across multiple AWS accounts, which means each will need a unique access/secret key combination.
I've spent a fair bit of time looking around, but it isn't clear to me whether this is achievable. The only thing I can envisage right now is using mountOptions on the Persistent Volume definition to be able to select the right credential profile, but I can't see a way to provide the profiles needed.
Many thanks