How to manage temporary AWS credentials for on-premises Kubernetes clusters?

Çağlar Arlı

We have several on-premises Kubernetes clusters that need to utilize AWS services. Currently, we use traditional IAM Users with static credentials, but we recognize this is a bad practice. We want to transition to using temporary credentials but are struggling to find the optimal solution.

Here are the approaches we've considered and their challenges:

Vault with AWS Engines: This provides credentials, but the clusters need a key for Vault, which substitutes one long-term credential for another.

IAM Roles Anywhere: We're unsure how to properly store certificates and set up AWS Profiles so that different pods can use them. Additionally, the certificate feels like another form of long-term credential.

We are looking for a more secure and manageable solution. Does EKS Anywhere solve our problem, or is there another recommended approach for managing temporary AWS credentials in on-premises Kubernetes clusters?

Any advice or guides would be greatly appreciated. Thank you!