ServiceAccount

class aws_cdk.aws_eks_v2_alpha.ServiceAccount(scope, id, *, cluster, annotations=None, identity_type=None, labels=None, name=None, namespace=None, overwrite_service_account=None)

Bases: Construct

(experimental) Service Account.

Stability:: experimental
ExampleMetadata:: infused

Example:

import aws_cdk.aws_s3 as s3

# or create a new one using an existing issuer url
# issuer_url: str

from aws_cdk.lambda_layer_kubectl_v34 import KubectlV34Layer

# you can import an existing provider
provider = eks.OidcProviderNative.from_oidc_provider_arn(self, "Provider", "arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC")
provider2 = eks.OidcProviderNative(self, "Provider",
    url=issuer_url
)

cluster = eks.Cluster.from_cluster_attributes(self, "MyCluster",
    cluster_name="Cluster",
    open_id_connect_provider=provider,
    kubectl_provider_options=eks.KubectlProviderOptions(
        kubectl_layer=KubectlV34Layer(self, "kubectl")
    )
)

service_account = cluster.add_service_account("MyServiceAccount")

bucket = s3.Bucket(self, "Bucket")
bucket.grant_read_write(service_account)

Parameters:

scope (Construct)
id (str)
cluster (ICluster) – (experimental) The cluster to apply the patch to.
annotations (Optional[Mapping[str, str]]) – (experimental) Additional annotations of the service account. Default: - no additional annotations
identity_type (Optional[IdentityType]) – (experimental) The identity type to use for the service account. Default: IdentityType.IRSA
labels (Optional[Mapping[str, str]]) – (experimental) Additional labels of the service account. Default: - no additional labels
name (Optional[str]) – (experimental) The name of the service account. The name of a ServiceAccount object must be a valid DNS subdomain name. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ Default: - If no name is given, it will use the id of the resource.
namespace (Optional[str]) – (experimental) The namespace of the service account. All namespace names must be valid RFC 1123 DNS labels. https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns Default: “default”
overwrite_service_account (Optional[bool]) – (experimental) Overwrite existing service account. If this is set, we will use kubectl apply instead of kubectl create when the service account is created. Otherwise, if there is already a service account in the cluster with the same name, the operation will fail. Default: false

Stability:

experimental

Methods

add_to_policy(statement)

(deprecated) Add to the policy of this principal.

Parameters:: statement (PolicyStatement)
Deprecated:: use addToPrincipalPolicy()
Stability:: deprecated
Return type:: bool

add_to_principal_policy(statement)

(experimental) Add to the policy of this principal.

Parameters:: statement (PolicyStatement)
Stability:: experimental
Return type:: AddToPrincipalPolicyResult

to_string()

Returns a string representation of this construct.

Return type:: str

Attributes

assume_role_action

(experimental) When this Principal is used in an AssumeRole policy, the action to use.

Stability:: experimental

grant_principal

(experimental) The principal to grant permissions to.

Stability:: experimental

node: The tree node.

policy_fragment

(experimental) Return the policy fragment that identifies this principal in a Policy.

Stability:: experimental

role

(experimental) The role which is linked to the service account.

Stability:: experimental

service_account_name

(experimental) The name of the service account.

Stability:: experimental

service_account_namespace

(experimental) The namespace where the service account is located in.

Stability:: experimental

Static Methods

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters:: x (Any) – Any object.
Return type:: bool
Returns:: true if x is an object created from a class which extends Construct.