Hi, just wondering if there's a nice way to do this https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html with Pulumi? I have used

createOidcProvider

on my cluster resource, but unsure how to translate step 5 of this https://aws.amazon.com/premiumsupport/knowledge-center/eks-alb-ingress-controller-fargate/ into Pulumi I have found this guide https://www.pulumi.com/blog/kubernetes-ingress-with-aws-alb-ingress-controller-and-pulumi-crosswalk/ but it is not for a fargate cluster, and I assume I do not have an equivalent role to

NodeInstanceRole

in fargate?

Hi Ben — yes, you can do this a couple ways. What language are you working with; maybe i can point you in the direction of some examples?

Fab - thanks. I'm using TypeScript atm

You’ll be able to grab the ARN from the role you created, and use this to create the sa: https://www.pulumi.com/docs/reference/pkg/kubernetes/core/v1/serviceaccount/ I ran into a couple problems applying the helm chart, so I opted to have another script take care of that (including the service account) and then I went back and annotated it with the role ARN

Ah sweet, thanks for that - I'll give it a go

@gray-hamburger-90102 if you search the history in slack you should be able to find a chat with me and someone else with an example how to do this with Go.