Folks I need suggestions for how to best automate a couple of kubernates steps I need to do for my infrastructure in pulumi: 1. Create the OIDC provider that will be associated with the EKS cluster:

eksctl utils associate-iam-oidc-provider --cluster <Name-EKS-Cluster> --approve

2. Create the

flyte-system

IAM role, attach the

AmazonS3FullAccessservice

policy to it and associate the role with a new Kubernetes service account:

eksctl create iamserviceaccount --name <my-flyte-sa> --namespace flyte --cluster <my-eks-cluster> --region <region-code> --role-name flyte-system-role \ 
--attach-policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --approve

if you’re using pulumi-eks, enabling OIDC is as easy as setting this property: https://www.pulumi.com/registry/packages/eks/api-docs/cluster/#create_oidc_provider_python

@billowy-army-68599 so another thing that I found was this - https://www.pulumi.com/registry/packages/aws/api-docs/eks/identityproviderconfig/ However the here we need to get the the OIDC issuer URL that I was able to get via:

aws eks describe-cluster --region <region> --name <Name-EKS-Cluster> --query "cluster.identity.oidc.issuer" --output text

The more “learning” question for me is : “What are the packages I should be looking at if I need to run the cli commands using

aws eks

,

eksctl

. I don’t want to keep bothering the folks here 😄

eksctl abstracts away quite a lot of EKS in a way that makes it difficult to figure out, so asking questions is fine