Mountpoint for Amazon S3 CSI driver introduces new access controls for individual Kubernetes pods

Posted on: Oct 8, 2024

The Mountpoint for Amazon S3 Container Storage Interface (CSI) driver now supports configuring distinct AWS Identity and Access Management (IAM) roles for individual Kubernetes pods. Built on Mountpoint for Amazon S3, the CSI driver presents an S3 bucket as a volume accessible by containers in Amazon Elastic Kubernetes Service (Amazon EKS) and self-managed Kubernetes clusters. Now, you can use IAM roles for each pod to restrict access to specific buckets or objects, without making changes to your applications.

Previously, you could configure an IAM role that the CSI driver used for all pods in your Kubernetes cluster. With this launch, you can further strengthen your application security when building multi-tenant environments by configuring the CSI driver to use individual IAM roles for each pod that attaches a volume. This means that you can run data-intensive jobs, like machine learning or media transcoding, across multiple pods while allowing each pod to access only the data it needs, providing data isolation between pods as a result.

Amazon EKS supports the Mountpoint for Amazon S3 CSI driver as an EKS add-on. You can install, configure, and update the CSI driver with just a few clicks in the Amazon EKS console, or by using the AWS Command Line Interface (AWS CLI), the EKS Application Programming Interface (API), or AWS CloudFormation. To get started, follow the user guide.