Package software.amazon.awscdk.services.eks

Class ServiceAccount

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.services.eks.ServiceAccount
All Implemented Interfaces:
IGrantable, IPrincipal, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-13T16:10:04.829Z") @Stability(Stable) public class ServiceAccount extends software.constructs.Construct implements IPrincipal
Service Account.

Example: 

 // or create a new one using an existing issuer url
 String issuerUrl;
 // you can import an existing provider
 IOpenIdConnectProvider provider = OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC");
 OpenIdConnectProvider provider2 = OpenIdConnectProvider.Builder.create(this, "Provider")
         .url(issuerUrl)
         .build();
 ICluster cluster = Cluster.fromClusterAttributes(this, "MyCluster", ClusterAttributes.builder()
         .clusterName("Cluster")
         .openIdConnectProvider(provider)
         .kubectlRoleArn("arn:aws:iam::123456:role/service-role/k8sservicerole")
         .build());
 ServiceAccount serviceAccount = cluster.addServiceAccount("MyServiceAccount");
 Bucket bucket = new Bucket(this, "Bucket");
 bucket.grantReadWrite(serviceAccount);

  • Constructor Details

    • ServiceAccount

      protected ServiceAccount(software.amazon.jsii.JsiiObjectRef objRef)

    • ServiceAccount

      protected ServiceAccount(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • ServiceAccount

      @Stability(Stable) public ServiceAccount(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull ServiceAccountProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props - This parameter is required.

  • Method Details

    • addToPrincipalPolicy

      @Stability(Stable) @NotNull public AddToPrincipalPolicyResult addToPrincipalPolicy(@NotNull PolicyStatement statement)
      Add to the policy of this principal.

      Specified by:
      addToPrincipalPolicy in interface IPrincipal
      Parameters:
      statement - This parameter is required.

    • getAssumeRoleAction

      @Stability(Stable) @NotNull public String getAssumeRoleAction()
      When this Principal is used in an AssumeRole policy, the action to use.
      Specified by:
      getAssumeRoleAction in interface IPrincipal

    • getGrantPrincipal

      @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
      The principal to grant permissions to.
      Specified by:
      getGrantPrincipal in interface IGrantable

    • getPolicyFragment

      @Stability(Stable) @NotNull public PrincipalPolicyFragment getPolicyFragment()
      Return the policy fragment that identifies this principal in a Policy.
      Specified by:
      getPolicyFragment in interface IPrincipal

    • getRole

      @Stability(Stable) @NotNull public IRole getRole()
      The role which is linked to the service account.

    • getServiceAccountName

      @Stability(Stable) @NotNull public String getServiceAccountName()
      The name of the service account.

    • getServiceAccountNamespace

      @Stability(Stable) @NotNull public String getServiceAccountNamespace()
      The namespace where the service account is located in.