my pods are using the node group role instead of the role defined by the service account. The service account configuration seems to be right because when I run kubectl exec pod_name -- env | grep AWS AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE env variables are correct.
I'm using AWS Java sdk version 1.12.233 which should support service accounts. Still according to the logs of my app, the node group role is used. The cluster runs Kubernetes 1.22
Any idea what could be the matter?
In the logs I found
c.a.auth.AWSCredentialsProviderChain.log - Unable to load credentials
from WebIdentityTokenCredentialsProvider: To use assume role profiles
the aws-java-sdk-sts module must be on the class path.
While looking for that message I found https://github.com/gkatzioura/CloudStorageMaven/issues/23 The solution in my case was to add aws-java-sdk-sts in the dependencies.