S3 connectivity issue when running Elasticsearch in Kubernetes with ServiceAccount to IAM role mapping
So, looks like the official docs show how to tie it with a service account using GCS which makes sense since GCP also has this concept of service accounts.
For AWS is a little bit different you typically associate a role or assume a role that has the right permissions. This is a good guide on how to use it for Kubernetes and how it's officially supported now. I believe the ECK operator doesn't support it yet since the docs say that the S3 storage plugin either uses the EC2 or ECS IAM roles. This is odd because you'd want to use an S3 type of role to access S3.
What's in the docs is how to use an AWS user instead of a role to access S3:
- Client Settings
- Keystore using an AWS Secret Access Key and AWS User Key ID
- Repository Settings
If you configure your plugin that way, you should be able to access S3 provided that the user has write access to the S3 bucket where you want to store the snapshots.