Use a supported Amazon SDK - Amazon EKS
Using EKS Pod Identity credentials
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Help improve this page

Want to contribute to this user guide? Scroll to the bottom of this page and select Edit this page on GitHub. Your contributions will help make our user guide better for everyone.

Use a supported Amazon SDK

When using Learn how EKS Pod Identity grants pods access to Amazon services, the containers in your Pods must use an Amazon SDK version that supports assuming an IAM role from the EKS Pod Identity Agent. Make sure that you're using the following versions, or later, for your Amazon SDK:

To ensure that you're using a supported SDK, follow the installation instructions for your preferred SDK at Tools to Build on Amazon when you build your containers.

For a list of add-ons that support EKS Pod Identity, see Add-on versions compatible with EKS Pod Identity.

Using EKS Pod Identity credentials

To use the credentials from a EKS Pod Identity association, your code can use any Amazon SDK to create a client for an Amazon service with an SDK, and by default the SDK searches in a chain of locations for Amazon Identity and Access Management credentials to use. The EKS Pod Identity credentials will be used if you don't specify a credential provider when you create the client or otherwise initialized the SDK.

This works because EKS Pod Identities have been added to the Container credential provider which is searched in a step in the default credential chain. If your workloads currently use credentials that are earlier in the chain of credentials, those credentials will continue to be used even if you configure an EKS Pod Identity association for the same workload.

For more information about how EKS Pod Identities work, see Understand how EKS Pod Identity works.