cloud-security
IRSA
IAM Roles for Service Accounts
Definition
IRSA is an AWS mechanism that associates Kubernetes service accounts with AWS IAM roles, allowing pods to assume IAM roles without long-lived AWS credentials. It uses OIDC federation between EKS and AWS IAM, minting short-lived AWS credentials scoped to the IAM role's permissions.
IRSA eliminates the need to store AWS access keys in Kubernetes secrets or environment variables, significantly reducing the risk of credential exposure.
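The association between a service account and a role lives in the role's trust policy, which federates to the cluster's OIDC provider and should pin the token's `sub` claim to one service account. The following is an added example, not part of the original entry: a small audit of trust policies for that pinning. The account ID, region, provider ID, namespace and service account name are constructed placeholders, and the finding codes are this example's own.

```python
# Constructed placeholders: account ID, region and OIDC provider ID are not real.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789"
PROVIDER_ARN = "arn:aws:iam::111122223333:oidc-provider/" + ISSUER

def trust_policy(condition):
    """Build a role trust policy that federates to the cluster's OIDC provider."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition,
    }]}

# Weak: only the audience is pinned, so any service account in the cluster qualifies.
WEAK = trust_policy({"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"}})
# Scoped: pinned to one namespace and service account (hypothetical names).
SCOPED = trust_policy({"StringEquals": {
    ISSUER + ":aud": "sts.amazonaws.com",
    ISSUER + ":sub": "system:serviceaccount:payments:invoice-writer",
}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_irsa_trust(policy):
    """Return finding codes for each web-identity statement in a trust policy."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        providers = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        for arn in providers:
            # Condition keys are "<issuer>:<claim>"; IAM treats key names case-insensitively.
            issuer = arn.split(":oidc-provider/", 1)[-1].lower()
            claims = {}  # claim name -> list of (operator, value)
            for op, pairs in stmt.get("Condition", {}).items():
                for key, val in pairs.items():
                    if key.lower().startswith(issuer + ":"):
                        claim = key.lower()[len(issuer) + 1:]
                        claims.setdefault(claim, []).extend((op, v) for v in _as_list(val))
            subs = claims.get("sub", [])
            if not subs:
                findings.append(f"stmt{i}:sub-missing")
            elif any("*" in v or "?" in v for op, v in subs if op.endswith("Like")):
                findings.append(f"stmt{i}:sub-wildcard")
            if "aud" not in claims:
                findings.append(f"stmt{i}:aud-missing")
    return findings
```

Calling `audit_irsa_trust` on a policy exported with `aws iam get-role` (the `AssumeRolePolicyDocument` field) returns an empty list when every web-identity statement pins both `sub` and `aud`.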