It is a common problem that your application running on EKS wants to access S3 or other AWS service. However, you may have two types of microservices running, being A and B. Let us assume that A is supposed to access S3, and B is supposed to access RDS. But neither you want A to access RDS, or B to access S3. Plus you don’t want to handle all the difficulties on the code level to assume role. Using service account in Kubernetes is the best way to solve it.