IAM permissions in EKS cluster
with the introduction of IRSA , IAM roles for service account , there are now two options to define the IAM role in EKS cluster for the pods :
each pod get specific IAM role . this is the preferred method.
- pros - fine grain permissions per pods
- cons - additional roles are needed
each node get specific IAM role .
- pros - single instance profile per the EKS worker node
- cons - each pod get all the permissions of the nodes