Passwordless Access for Amazon EKS

The JFrog Platform can use AWS AssumeRole to provide a passwordless access experience in Amazon EKS. The AssumeRole authentication method allows AWS users to use the roles assigned to them to create temporary authentication tokens that can be used in the JFrog Platform.

AWS AssumeRole returns a set of temporary security credentials that you can use to access AWS resources that you might not have access to otherwise. These temporary credentials consist of an access key ID, a secret access key, and a session token. These short-lived secrets are stored in the Docker repository.

When you configure passwordless access with AWS AssumeRole, you enable the download and upload of artifacts from a Docker repository without the need to create and rotate secrets and store them in the Docker repository. This process improves Docker repository security by using a non-refreshable, short-lived token for pulling and pushing Docker images, without exposing any admin master keys for rotation. The system does not send your secret access key at any time and instead uses AWS SigV4A capabilities. No AWS secrets are sent outside of the EKS system.
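The property described above, that a signed request proves possession of the secret access key without carrying it, can be checked with the following added example, which is not JFrog's code. It uses the standard SigV4 HMAC signing algorithm as a stand-in for SigV4A, the asymmetric variant. The credentials are constructed sample values, and the choice of an STS GetCallerIdentity request is an assumption made for illustration.

```python
import hashlib
import hmac

# Constructed sample temporary credentials (assumption, not real values).
ACCESS_KEY_ID = "ASIAEXAMPLEKEYID0000"
SECRET_KEY = "constructed-secret-access-key"
SESSION_TOKEN = "constructed-session-token"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_sts_request(access_key_id, secret_key, session_token, region, amz_date):
    """Return the headers of a SigV4-signed STS GetCallerIdentity POST."""
    host = f"sts.{region}.amazonaws.com"
    body = "Action=GetCallerIdentity&Version=2011-06-15"
    date = amz_date[:8]
    headers = {
        "content-type": "application/x-www-form-urlencoded; charset=utf-8",
        "host": host,
        "x-amz-date": amz_date,
        "x-amz-security-token": session_token,
    }
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        "POST", "/", "",
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed,
        hashlib.sha256(body.encode()).hexdigest(),
    ])
    scope = f"{date}/{region}/sts/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # The secret key only seeds a chain of HMACs; it is never serialized.
    key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, "sts", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key_id}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers

def secret_exposed(headers, secret_key):
    """True if the secret access key appears in any outgoing header value."""
    return any(secret_key in value for value in headers.values())
```

Only the access key ID, the session token and the signature appear in the headers, so a receiver can validate the caller's identity with AWS without ever holding the secret access key.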

You must provide permissions in the EKS cluster before you proceed with the configuration.

AWS EKS Requirements

The EC2 nodes in the cluster must be t2.medium or higher.

To configure passwordless access, you must complete the following tasks.