AWS::EKS::Addon PodIdentityAssociation - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::EKS::Addon PodIdentityAssociation

Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "RoleArn" : String, "ServiceAccount" : String }


RoleArn: String ServiceAccount: String



The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.

Required: Yes

Type: String

Pattern: ^arn:aws(-cn|-us-gov|-iso(-[a-z])?)?:iam::\d{12}:(role)\/*

Update requires: No interruption


The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.

Required: Yes

Type: String

Update requires: No interruption