Commit 2a30724

author
Lukonde Mwila
committed
:Merging mainline into feature branch
2 parents 39dad6b + e93a064 commit 2a30724

1 file changed

+24
-0
lines changed

latest/ug/workloads/workloads-add-ons-available-eks.adoc

Lines changed: 24 additions & 0 deletions
@@ -98,6 +98,10 @@ You can use any of the following Amazon EKS add-ons.
9898
|<<add-ons-sriov-network-metrics-exporter>>
9999
|EC2
100100

101+
|Retrieve secrets from {aws} Secrets Manager and parameters from {aws} Systems Manager Parameter Store and mount them as files in Kubernetes pods.
102+
|<<add-ons-aws-secrets-store-csi-driver-provider>>
103+
|EC2, EKS Auto Mode, EKS Hybrid Nodes
104+
101105

102106
|===
103107

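Review bot: Added line 104 is an extra blank line after the `|EC2, EKS Auto Mode, EKS Hybrid Nodes` cell, so the new row is followed by two blank lines before the closing `|===`, while the row above it is separated by one (line 100). Drop line 104 so the table spacing stays consistent. The cross-reference `<<add-ons-aws-secrets-store-csi-driver-provider>>` at line 102 does match the anchor added at line 694, so the link target is fine.
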
@@ -686,3 +690,23 @@ NOTE: This add-on requires nodes with SR-IOV-capable network interfaces.
686690
|None
687691

688692
|===
693+
694+
[#add-ons-aws-secrets-store-csi-driver-provider]
695+
=== {aws} Secrets Store CSI Driver provider
696+
697+
The {aws} provider for the Secrets Store CSI Driver is an add-on that enables retrieving secrets from {aws} Secrets Manager and parameters from {aws} Systems Manager Parameter Store and mounting them as files in Kubernetes pods.
698+
699+
[#add-ons-ascp-iam-permissions]
700+
=== Required IAM permissions
701+
702+
The add-on does not require IAM permissions. However, application pods will require IAM permissions to fetch secrets from {aws} Secrets Manager and parameters from {aws} Systems Manager Parameter Store. After installing the add-on, access must be configured via IAM Roles for Service Accounts (IRSA) or EKS Pod Identity. To use IRSA, please refer to the Secrets Manager https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_ascp_irsa.html[IRSA setup documentation]. To use EKS Pod Identity, please refer to the Secrets Manager https://docs.aws.amazon.com/secretsmanager/latest/userguide/ascp-pod-identity-integration.html[Pod Identity setup documentation].
703+
704+
{aws} suggests the `AWSSecretsManagerClientReadOnlyAccess` managed policy.
705+
706+
For more information about the required permissions, see `AWSSecretsManagerClientReadOnlyAccess` in the {aws} Managed Policy Reference.
707+
708+
=== Additional information
709+
710+
For more information, please see the secrets-store-csi-driver-provider-aws https://github.com/aws/secrets-store-csi-driver-provider-aws[GitHub repository].
711+
712+
To learn more about the add-on, please refer to the https://docs.aws.amazon.com/secretsmanager/latest/userguide/ascp-eks-installation.html[{aws} Secrets Manager documentation for the add-on].
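
Review bot: At added lines 702-706, the text says application pods need IAM permissions for both Secrets Manager secrets and Systems Manager Parameter Store parameters, but the only policy named is `AWSSecretsManagerClientReadOnlyAccess`, and nothing says what grants the Parameter Store access. State which permissions or policy cover Parameter Store parameters, or say explicitly that the suggested policy applies to the Secrets Manager case only. Because this is the one place the section tells readers how to authorize pods, a sentence recommending that the role bound through IRSA or EKS Pod Identity be limited to the secrets and parameters the pod actually mounts would also help. Line 706 points to the {aws} Managed Policy Reference without a link, unlike the other references in this section; add one.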
