Merge pull request #812 from jiaeenie/s3-csi-role-policy-stringequals

Update IAM role policy configuration to use `StringEquals` for Mountpoint for Amazon S3 CSI driver
awsdocs · Nov 25, 2024 · 7fe9c13 · 7fe9c13
2 parents d2b73c6 + c6923b2
commit 7fe9c13
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/latest/ug/storage/s3-csi.adoc b/latest/ug/storage/s3-csi.adoc
@@ -185,9 +185,9 @@ Add a comma to the end of the previous line, and then add the following line aft
 +
 [source,json,subs="verbatim,attributes,quotes"]
 ----
-"oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": "system:serviceaccount:kube-system:s3-csi-*"
+"oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": "system:serviceaccount:kube-system:s3-csi-driver-sa"
 ----
-. Change the `Condition` operator from `"StringEquals"` to `"StringLike"`.
+. Ensure that the `Condition` operator is set to `"StringEquals"`.
 . Choose *Update policy* to finish.
 
 === {aws} CLI [[awscli_s3_store_app_data]]
@@ -220,8 +220,8 @@ https://oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE
       },
       "Action": "sts:AssumeRoleWithWebIdentity",
       "Condition": {
-        "StringLike": {
-          "oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": "system:serviceaccount:kube-system:s3-csi-*",
+        "StringEquals": {
+          "oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": "system:serviceaccount:kube-system:s3-csi-driver-sa",
           "oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com"
         }
       }