Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Help improve this page

Want to contribute to this user guide? Scroll to the bottom of this page and select Edit this page on GitHub. Your contributions will help make our user guide better for everyone.

Mountpoint for Amazon S3 CSI Driver

The Mountpoint for Amazon S3 CSI Driver Amazon EKS add-on is a Kubernetes Container Storage Interface (CSI) plugin that provides Amazon S3 storage for your cluster.

The Amazon EKS add-on name is aws-mountpoint-s3-csi-driver.

Required IAM permissions

This add-on uses the IAM roles for service accounts capability of Amazon EKS. The IAM role that is created will require a policy that gives access to S3. Follow the Mountpoint IAM permissions recommendations when creating the policy. Alternatively, you may use the Amazon managed policy AmazonS3FullAccess, but this managed policy grants more permissions than are needed for Mountpoint.

You can create an IAM role and attach your policy to it with the following commands. Replace my-cluster with the name of your cluster, region-code with the correct Amazon Web Services Region code, AmazonEKS_S3_CSI_DriverRole with the name for your role, and AmazonEKS_S3_CSI_DriverRole_ARN with the role ARN. These commands require that you have eksctl installed on your device. For instructions on using the IAM console or Amazon CLI, see Create an IAM role.

CLUSTER_NAME=my-cluster
REGION=region-code
ROLE_NAME=AmazonEKS_S3_CSI_DriverRole
POLICY_ARN=AmazonEKS_S3_CSI_DriverRole_ARN
eksctl create iamserviceaccount \
    --name s3-csi-driver-sa \
    --namespace kube-system \
    --cluster $CLUSTER_NAME \
    --attach-policy-arn $POLICY_ARN \
    --approve \
    --role-name $ROLE_NAME \
    --region $REGION \
    --role-only

Additional information

To learn more about the add-on, see Use Mountpoint for Amazon S3 storage.