https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-eks-adds-support-to-assign-iam-permissions-to-kubernetes-service-accounts/
Reposted from https://news.ycombinator.com/item?id=20879225 that got no comments (cept mine lol).
This is pretty big news. Most people that need this use kube2iam or kiam, both of which are quite flakey to be honest as they rely on intercepting requests to the AWS Instance Metadata service.
