kiam runs as an agent on each node in your Kubernetes cluster and allows cluster users to associate IAM roles with Pods. [a] role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumed by anyone who needs it. Also, a role does not have any credentials (password or access keys) associated with it. Instead, if a user is assigned to a role, access keys are created dynamically and provided to the user.
Features
- No client SDK modifications are needed: Kiam intercepts Metadata API requests
- Separated Agent and Server processes. Allows user workloads to run on nodes without sts:AssumeRole permissions to enhance cluster security
- Denies access to all other AWS Metadata API paths by default (but can be configured via flag)
- AWS credentials are prefetched to allow fast responses (and avoid problems with races between Pods requesting credentials and the Kubernetes client caches being aware of the Pod)
- Multi-account IAM support. Pods can assume roles from any AWS account assuming trust relationships permit it
- Optional regional STS endpoint support
License
Apache License V2.0Follow kiam
Other Useful Business Software
Build AI Apps with Gemini 3 on Vertex AI
Vertex AI gives developers access to Gemini 3—Google’s most advanced reasoning and coding model—plus 200+ foundation models including Claude, Llama, and Gemma. Build generative AI apps with Vertex AI Studio, customize with fine-tuning, and deploy to production with enterprise-grade MLOps. New customers get $300 in free credits.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of kiam!