holypriest · July 20, 2020 04:10
diff --git a/assume-role-policy.json b/assume-role-policy.json
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::<your-aws-account>:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/<oidc-of-your-eks-cluster>"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.us-east-1.amazonaws.com/id/<oidc-of-your-eks-cluster>:sub": [
            "system:serviceaccount:airflow-on-k8s:workers-sva",
            "system:serviceaccount:airflow-on-k8s:tasks-sva"
          ]
        }
      }
    }
  ]
 }
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "",
	"Effect": "Allow",
	"Principal": {
	"Federated": "arn:aws:iam::<your-aws-account>:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/<oidc-of-your-eks-cluster>"
	},
	"Action": "sts:AssumeRoleWithWebIdentity",
	"Condition": {
	"StringEquals": {
	"oidc.eks.us-east-1.amazonaws.com/id/<oidc-of-your-eks-cluster>:sub": [
	"system:serviceaccount:airflow-on-k8s:workers-sva",
	"system:serviceaccount:airflow-on-k8s:tasks-sva"
	]
	}
	}
	}
	]
	}