[1.16] Adds docs for EKS IRSA (#4845)

* [1.16] Adds docs for EKS IRSA Fixes https://github.com/dapr/docs/issues/4779 Signed-off-by: joshvanl <me@joshvanl.dev> * Adds ref to AWS auth page Signed-off-by: joshvanl <me@joshvanl.dev> --------- Signed-off-by: joshvanl <me@joshvanl.dev> Co-authored-by: Mark Fussell <markfussell@gmail.com>
2025-09-05 22:02:02 -03:00 · 2025-09-05 22:02:02 -03:00 · a5355b512b
parent 2026f434e3
commit a5355b512b
1 changed files with 23 additions and 0 deletions
--- a/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-eks.md
+++ b/daprdocs/content/en/operations/hosting/kubernetes/cluster/setup-eks.md
@ -113,6 +113,29 @@ You should see the following response:
 ✅  Success! Dapr has been installed to namespace dapr-system. To verify, run `dapr status -k' in your terminal. To get started, go here: https://docs.dapr.io/getting-started
 ```

+## IAM Roles for Service Accounts (IRSA)
+
+You can attach custom annotations to the ServiceAccounts created by the `dapr_rbac` Helm subchart—useful for enabling IAM Roles for Service Accounts (IRSA) on AWS EKS.
+This enables fine-grained, secure access control for Dapr components using EKS’s IRSA mechanism.
+Update your Dapr Helm values files to include the following necessary annotations for the ServiceAccounts.
+
+See [here]({{% ref authenticating-aws.md %}}) for more information on AWS authentication.
+
+```yaml
+serviceAccount:
+  operator:
+    annotations:
+      eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/operator-role
+  injector:
+    annotations: {}
+  placement:
+    annotations: {}
+  scheduler:
+    annotations: {}
+  sentry:
+    annotations: {}
+````
+
 ## Troubleshooting

 ### Access permissions