User Specific AWS secrets

Can someone point me to the state of the art in terms of spinning up pods in JupyterHub with Kubernetes with user-specific temporary or session keys for AWS? I found this discussion, which is the closest I could find: https://github.com/jupyterhub/kubespawner/issues/94. Is it still a WIP, or is there another way to achieve the same result?

You could try having service linked roles for IAM users, as mentioned in the AWS documentation here.
Once you have an IAM role set up, annotate a ServiceAccount in Kubernetes with said role and configure the Jupyter singleuser to use that service account.
This mounts temporary AWS session credentials from STS which are valid for about 24 hours. You can try the same with kube2iam or kiam, but they use different approaches for rotating your AWS credentials.
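
A per-user variant of the ServiceAccount approach described in the reply above, as an added example that is not part of the thread or of any project's own code. It assumes an EKS cluster with IAM roles for service accounts enabled; the account id, role prefix and namespace are placeholders, and the one-role-per-user naming scheme is hypothetical.

```python
# jupyterhub_config.py fragment (added example, not from the thread).
import hashlib
import re

ACCOUNT_ID = "111122223333"    # placeholder AWS account id (assumption)
ROLE_PREFIX = "jupyter-user-"  # hypothetical per-user IAM role naming scheme
NAMESPACE = "jhub"             # hypothetical namespace of the single-user pods


def safe_name(username: str) -> str:
    """Map a hub username to a DNS-1123 label that stays unique per user.

    Plain character replacement would map "a.b" and "a_b" to the same name,
    and both users would then share one role; a hash of the original
    username is appended to prevent that.
    """
    slug = re.sub(r"[^a-z0-9]+", "-", username.lower()).strip("-")[:40] or "user"
    digest = hashlib.sha256(username.encode()).hexdigest()[:8]
    return f"{slug}-{digest}"


def service_account_manifest(username: str) -> dict:
    """ServiceAccount annotated with the user's IAM role (applied by an admin)."""
    name = safe_name(username)
    return {
        "apiVersion": "v1",
        "kind": "ServiceAccount",
        "metadata": {
            "name": name,
            "namespace": NAMESPACE,
            "annotations": {
                "eks.amazonaws.com/role-arn":
                    f"arn:aws:iam::{ACCOUNT_ID}:role/{ROLE_PREFIX}{name}",
            },
        },
    }


def pre_spawn_hook(spawner):
    """Run the user's pod under that user's own ServiceAccount."""
    spawner.service_account = safe_name(spawner.user.name)


if "c" in globals():  # `c` only exists when JupyterHub loads this file
    c.KubeSpawner.pre_spawn_hook = pre_spawn_hook  # noqa: F821
```

Each role's trust policy should allow only `system:serviceaccount:<namespace>:<name>` for its own ServiceAccount, so that one user's pod cannot assume another user's role.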