I am using the https://github.com/pulumi/pulumi-eks to spin up the cluster. For the https://github.com/helm/charts/tree/master/stable/kube2iam , how do I get the

base-role-arn

to pass to helm install extraArgs.

I haven’t used

kube2iam

myself before - but I believe: 1. That parameter isn’t required, it’s just a convenience so you don’t have to repeat the whole ARN on every pod 2. Assuming all the roles you will be applying to pods are from the same account, you can construct the base arn just knowing the account number (which can also be looked up via

aws.iam.getCallerIdentity()

) 3. The actual roles you want to assign will need to be created separately from what

@pulumi/EKS

provides. The roles you create will be based on specific needs of your application code, not general needs of the cluster. You can of course create these using

aws.iam.Role

and integrate this with your Pulumi deployment of the cluster for easy management.