whatisgithub

What is kube2iam?

fieldju/kube2iam — explained in plain English

Analysis updated 2026-07-17 · repo last pushed 2020-05-04

Audience · ops devopsComplexity · 4/5DormantSetup · hard

In one sentence

Gives each Kubernetes pod its own scoped AWS permissions instead of letting all pods on a machine share the same broad access.

Mindmap

mindmap
  root((kube2iam))
    What it does
      Intercepts credential requests
      Matches pod to AWS role
      Blocks cross-pod access
    Tech stack
      Kubernetes
      AWS IAM
    Use cases
      Isolate pod permissions
      Secure shared clusters
      Limit blast radius
    Audience
      DevOps teams
      Security engineers
    Setup
      Run as daemon per node
      Annotate pods with roles

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Give each pod only the AWS permissions it specifically needs.

USE CASE 2

Prevent a compromised container from stealing another pod's AWS credentials.

USE CASE 3

Run multiple teams' services on one shared Kubernetes cluster safely.

USE CASE 4

Restrict which AWS role a pod can assume via a simple annotation.

What is it built with?

KubernetesAWS IAMGo

How does it compare?

fieldju/kube2iam0verflowme/alarm-clock0xhassaan/nn-from-scratch
Stars0
LanguageCSSPython
Last pushed2020-05-042022-10-03
MaintenanceDormantDormant
Setup difficultyhardeasymoderate
Complexity4/52/54/5
Audienceops devopsvibe coderdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires configuring AWS IAM role assumption and running as a privileged daemon on every cluster node.

The README does not state a license.

Copy-paste prompts

Prompt 1
Explain how to annotate a Kubernetes pod so kube2iam assigns it a specific AWS role.
Prompt 2
Help me set up kube2iam as a daemon on every node in my cluster.
Prompt 3
Show me how to configure AWS role assumption so kube2iam can fetch scoped credentials.
Prompt 4
What annotation do I add to a pod spec to restrict it to a single AWS IAM role?

Frequently asked questions

What is kube2iam?

Gives each Kubernetes pod its own scoped AWS permissions instead of letting all pods on a machine share the same broad access.

Is kube2iam actively maintained?

Dormant — no commits in 2+ years (last push 2020-05-04).

What license does kube2iam use?

The README does not state a license.

How hard is kube2iam to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is kube2iam for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.