Creating the Jenkins Service Account

We’ll create a Kubernetes service account that pods can use when they need to perform CodeCommit API actions (e.g. GetCommit, ListBranches). This will allow Jenkins to respond to new repositories, branches, and commits.

If you have not completed the IAM Roles for Service Accounts lab, please complete the Create an OIDC identity provider step now. You do not need to complete any other sections of that lab.

eksctl create iamserviceaccount \
    --name jenkins \
    --namespace default \
    --cluster eksworkshop-eksctl \
    --attach-policy-arn arn:aws:iam::aws:policy/AWSCodeCommitPowerUser \
    --approve \
    --override-existing-serviceaccounts