18:02 "You can block access to the instance metadata service and then the pod can't assume any permissions of the worker node IAM role." Are you able to elaborate a little more? How are the instance metadata service and the pod assuming permissions related? Thanks!
The metadata service provides a temporary API key that gives access based on the assigned IAM role. See docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials
These are great questions! I found this post that goes into depth with Ingress Sharing and Target Group Binding, it may shed some light on this: go.aws/3JSyGjT. 📄 I also recommend posting details on your use case in AWS re:Post: go.aws/aws-repost. Our community of experts & enthusiasts can offer insight & advice! 👥 ^RM
What happens to the 99.95% SLA claim when the entire region is down for 12+ hours ? I've seen in the last few months, AWS is down multiple times in a month.
Now we have access entries at 1.29 k8s version for auth
😃So cool, Mike! I don't know if you remember me but we used to work together. It's so neat to see where you've landed. Congrats on your success!
18:02 "You can block access to the instance metadata service and then the pod can't assume any permissions of the worker node IAM role." Are you able to elaborate a little more? How are the instance metadata service and the pod assuming permissions related? Thanks!
The metadata service provides a temporary API key that gives access based on the assigned IAM role. See docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials
Where are the slides? This was really good
instead of AWS ingress.yaml, can i register pods automatically with targetgroup CRD?, do i need to install loadbalancer controller also for this?
These are great questions! I found this post that goes into depth with Ingress Sharing and Target Group Binding, it may shed some light on this: go.aws/3JSyGjT. 📄 I also recommend posting details on your use case in AWS re:Post: go.aws/aws-repost. Our community of experts & enthusiasts can offer insight & advice! 👥 ^RM
What happens to the 99.95% SLA claim when the entire region is down for 12+ hours ?
I've seen in the last few months, AWS is down multiple times in a month.
What region was down for 12 hours?
@@kellymoses8566 us-east-1 in the metaverse 69
Any chance of getting slides?
Great explanation.🎉
We are glad to hear that. 🙌
excellent presentation Mike, thank you :)
Excellent présentation Mike, thank you
39:40
Good stuff!
really helpful talk
Excellent
pronouns make it impossible to take this guy seriously
Thank Mike!
Very helpful!
You're welcome, Viet! So glad you like it! 😀