MinIO SDK support service account connectivity in AWS EKS


I am trying to connect the MinIO Go SDK with an AWS EKS service account to work directly with AWS S3, but without any luck. I have tested it with the AWS SDK and it works, but it doesn't work with the MinIO SDK. The MinIO SDK error is "Access Denied".

EKS service account manifest

apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::AWS-ID:role/role-name
  name: SA-name
  namespace: placeholder

EKS pod manifest

apiVersion: v1
kind: Pod
metadata:
  name: pod-name
  namespace: placeholder
spec:
  serviceAccountName: SA-name
  containers:
  - name: eks-sa-test
    image: repository-path
  imagePullSecrets:
  -  name: repository-creds

Working AWS SDK code to list the buckets.

package main

import (
    "context"
    "log"

    "github.com/aws/aws-sdk-go-v2/aws"
    "github.com/aws/aws-sdk-go-v2/config"
    "github.com/aws/aws-sdk-go-v2/service/s3"
)

func main() {
    // Load the Shared AWS Configuration (~/.aws/config)
    cfg, err := config.LoadDefaultConfig(context.TODO(),
        config.WithRegion("eu-west-1"), // Replace with your region
    )

    if err != nil {
        log.Fatalf("unable to load SDK config, %v", err)
    }

    // Create an Amazon S3 service client
    s3Client := s3.NewFromConfig(cfg)

    // Continue to use the s3Client to make operations calls to S3
    // For example, listing buckets
    listBuckets(s3Client)
}

func listBuckets(client *s3.Client) {
    // Call to ListBuckets API
    result, err := client.ListBuckets(context.TODO(), &s3.ListBucketsInput{})
    if err != nil {
        log.Fatalf("Unable to list buckets, %v", err)
    }

    for _, b := range result.Buckets {
        log.Printf("Bucket: %s", aws.ToString(b.Name))
    }
}

Non-working MinIO SDK code to list the buckets.

package main

import (
    "context"
    "fmt"
    "log"

    "github.com/minio/minio-go/v7"
    "github.com/minio/minio-go/v7/pkg/credentials"
)

func main() {
    endpoint := "s3.amazonaws.com"
    useSSL := true

    // Initialize MinIO client with IAM credentials.
    minioClient, err := minio.New(endpoint, &minio.Options{
        Creds:  credentials.NewIAM(""),
        Secure: useSSL,
    })

    if err != nil {
        log.Println("could not make minio client")
        log.Fatalln(err)
    }

    // List all buckets
    buckets, err := minioClient.ListBuckets(context.TODO())
    if err != nil {
        log.Println("could not list all buckets")
        log.Fatalln(err)
    }

    for _, bucket := range buckets {
        fmt.Println(bucket.Name)
    }
}

I expect the container with the MinIO SDK to list all the buckets, as the container with the AWS SDK does. The MinIO container returns an "access denied" error instead of listing all buckets.

There is 1 answer

Apparently this is working code. The problem was in the EKS configuration!
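
An added example, not part of the original question or answer: because the answer attributes the failure to the EKS configuration, this Go check inspects the pod side of IAM Roles for Service Accounts before any S3 call is made. It assumes the EKS-injected `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` variables and the default `sts.amazonaws.com` audience; `checkIRSA` is a hypothetical helper, and the namespace and service account name are the ones from the question's manifests.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// checkIRSA returns the token issuer and every problem found in the values a pod
// receives for IRSA. The token signature is not verified here; STS does that.
func checkIRSA(roleARN, token, namespace, sa string) (issuer string, problems []string) {
	if !strings.HasPrefix(roleARN, "arn:aws:iam::") {
		problems = append(problems, "AWS_ROLE_ARN not set: check the ServiceAccount annotation")
	}
	parts := strings.Split(strings.TrimSpace(token), ".")
	if len(parts) != 3 {
		return "", append(problems, "web identity token missing or not a JWT")
	}
	var c struct{ Iss, Sub string; Aud []string } // JSON keys match case-insensitively
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(payload, &c)
	}
	if err != nil {
		return "", append(problems, "token payload unreadable: "+err.Error())
	}
	// The role's trust policy is evaluated against these two claims.
	if want := "system:serviceaccount:" + namespace + ":" + sa; c.Sub != want {
		problems = append(problems, fmt.Sprintf("sub is %q, expected %q", c.Sub, want))
	}
	audOK := false
	for _, a := range c.Aud {
		audOK = audOK || a == "sts.amazonaws.com" // assumed default audience
	}
	if !audOK {
		problems = append(problems, fmt.Sprintf("aud is %v, expected sts.amazonaws.com", c.Aud))
	}
	return c.Iss, problems
}

func main() {
	tok, _ := os.ReadFile(os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")) // empty if unset
	iss, problems := checkIRSA(os.Getenv("AWS_ROLE_ARN"), string(tok), "placeholder", "SA-name")
	fmt.Println("issuer (must match the IAM OIDC provider):", iss)
	for _, p := range problems {
		fmt.Println("PROBLEM:", p)
	}
}
```

Run it inside the pod; a clean result with a correct issuer points the investigation at the IAM role's trust and permission policies rather than the pod.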