docs: additional externalid entry for EKS Pod Identity role (#8737)

benradstone · web-flow · commit c6468aa305d2 · 2025-11-21T17:28:21.000Z
diff --git a/_partials/eks-pod-identity/_eks-pod-identity-prerequisites.mdx b/_partials/eks-pod-identity/_eks-pod-identity-prerequisites.mdx
@@ -430,6 +430,18 @@ partial_name: eks-pod-identity-prerequisites
             }
           }
         },
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "AWS": "arn:aws:iam::<aws-management-cluster-account-id>:role/<role-name-for-identity-service-iam-local-role>"
+          },
+          "Action": "sts:AssumeRole",
+          "Condition": {
+            "StringLike": {
+              "sts:ExternalId": "<aws-management-cluster-region>/<aws-management-cluster-account-id>/<management-cluster-name>/*/palette-manager"
+            }
+          }
+        },
         {
           "Effect": "Allow",
           "Principal": {

Original file line number	Diff line number	Diff line change
`@@ -430,6 +430,18 @@ partial_name: eks-pod-identity-prerequisites`
`430`	`430`	`}`
`431`	`431`	`}`
`432`	`432`	`},`
	`433`	`+ {`
	`434`	`+ "Effect": "Allow",`
	`435`	`+ "Principal": {`
	`436`	`+ "AWS": "arn:aws:iam::<aws-management-cluster-account-id>:role/<role-name-for-identity-service-iam-local-role>"`
	`437`	`+ },`
	`438`	`+ "Action": "sts:AssumeRole",`
	`439`	`+ "Condition": {`
	`440`	`+ "StringLike": {`
	`441`	`+ "sts:ExternalId": "<aws-management-cluster-region>/<aws-management-cluster-account-id>/<management-cluster-name>/*/palette-manager"`
	`442`	`+ }`
	`443`	`+ }`
	`444`	`+ },`
`433`	`445`	`{`
`434`	`446`	`"Effect": "Allow",`
`435`	`447`	`"Principal": {`