Proposal
The current implementation for role assumption in KEDA, particularly when overriding AWS roles via pod identity mechanisms or the awsRoleArn trigger authentication environment variable, relies on using the KEDA operator's IAM role. This process requires granting specific permissions to the KEDA operator's role to assume the designated AWS role. Additionally, it necessitates configuring the trust relationship on the target role to allow this assumption. While effective in environments utilizing kube2iam, this methodology introduces additional, and potentially unnecessary, configuration steps in an IRSA setup.
We propose a change to the role assumption process in KEDA for AWS. This improvement involves enabling KEDA to assume AWS roles directly by utilizing OpenID Connect (OIDC) and federation mechanisms. This approach would allow KEDA to bypass the current requirement of configuring the operator's role with additional permissions for role assumption.
Use-Case
No response
Is this a feature you are interested in implementing yourself?
Yes
Anything else?
No response
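Added example, not part of the original issue or KEDA's code: the two trust relationships the proposal contrasts (the target role trusting the operator's IAM role versus trusting the cluster's OIDC provider directly), with a small check a reviewer could run over a target role's trust policy. The account ID, role name, OIDC provider ID and the `keda`/`keda-operator` service account are constructed placeholders.

```python
# Added example, not KEDA code. Account ID, role name and OIDC provider ID are
# constructed placeholders; keda/keda-operator is an assumed service account.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"

# Current flow: the target role trusts the operator's IAM role (role chaining).
CHAINED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/keda-operator"},
        "Action": "sts:AssumeRole",
    }],
}

# Proposed flow: the target role trusts the cluster's OIDC provider directly.
FEDERATED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC}:sub": "system:serviceaccount:keda:keda-operator",
            f"{OIDC}:aud": "sts.amazonaws.com",
        }},
    }],
}

def audit_trust(policy):
    """Return a (mechanism, findings) pair for each Allow statement."""
    results = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        cond = stmt.get("Condition", {})
        pinned = {**cond.get("StringEquals", {}), **cond.get("StringLike", {})}
        mechanism, findings = "other", []
        if "sts:AssumeRoleWithWebIdentity" in actions:
            mechanism = "oidc-federation"
            if not any(k.endswith(":sub") for k in pinned):
                findings.append("no :sub condition: any service account token from this provider is accepted")
            if not any(k.endswith(":aud") for k in pinned):
                findings.append("no :aud condition: token audience is not pinned")
        elif "sts:AssumeRole" in actions:
            mechanism = "role-chaining"
            findings.append("depends on the operator's IAM role credentials")
        results.append((mechanism, findings))
    return results
```

With federation, the `:sub` condition is what scopes the target role to one service account, so it is the line to review first.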