policy

An optional IAM policy in JSON format (as an escaped string) that applies additional restrictions to this pod identity association beyond the IAM policies attached to the IAM role. This policy is applied as the intersection of the role's policies and this policy, allowing you to reduce the permissions that applications in the pods can use. Use this policy to enforce least privilege access while still leveraging a shared IAM role across multiple applications.

Important considerations

  • Session tags: When using this policy, disableSessionTags must be set to true.

  • Target role permissions: If you specify both a TargetRoleArn and a policy, the policy restrictions apply only to the target role's permissions, not to the initial role used for assuming the target role.
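The intersection rule above is easy to state and easy to get wrong in practice: the association policy can only narrow what the role already grants, and an Allow in it for something the role never allowed adds nothing. The following Python script, added here as an illustration and not part of the AWS documentation or SDK, shows that with a deliberately simplified evaluator (Effect, Action and Resource with IAM-style `*`/`?` wildcards; Condition, NotAction, NotResource, resource-based policies and permissions boundaries are ignored) and shows how the policy document is serialized as an escaped JSON string inside the request body. The sample policies, cluster and role names are constructed, and the request field names (`clusterName`, `namespace`, `serviceAccount`, `roleArn`, `policy`, `disableSessionTags`) are my reading of the CreatePodIdentityAssociation API; check them against your SDK version.

```python
"""Intersection semantics of a pod identity association policy (added example,
not AWS code): an action is permitted only when both the role's policy and the
association policy allow it, and neither contains a matching Deny.

Simplified IAM evaluator: handles Effect, Action, Resource and '*'/'?'
wildcards; ignores Condition, NotAction, NotResource, resource-based policies
and permissions boundaries.
"""
import json
import re

# Constructed sample: a shared role used by several applications in the cluster.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::shared-bucket", "arn:aws:s3:::shared-bucket/*"]},
        {"Effect": "Allow", "Action": "sqs:*", "Resource": "*"},
    ],
}

# Constructed sample: association policy for one application. It narrows the
# shared role to read-only access under the app's own prefix; the DynamoDB
# Allow is there to show that it cannot add permissions the role lacks.
ASSOCIATION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::shared-bucket/app-a/*"},
        {"Effect": "Allow", "Action": "dynamodb:GetItem", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:PutObject", "Resource": "*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' matches any run, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def _statement_applies(stmt, action, resource):
    # Action names are case-insensitive in IAM; ARNs are compared as written.
    action_ok = any(_glob_match(p, action, ignore_case=True) for p in _as_list(stmt["Action"]))
    resource_ok = any(_glob_match(p, resource) for p in _as_list(stmt["Resource"]))
    return action_ok and resource_ok


def evaluate_policy(policy, action, resource):
    """Decision of a single policy document: 'deny', 'allow' or 'implicit_deny'."""
    decision = "implicit_deny"
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "deny"  # an explicit deny always wins
        decision = "allow"
    return decision


def effective_decision(role_policy, association_policy, action, resource):
    """Intersection: both documents must allow, and neither may deny."""
    role = evaluate_policy(role_policy, action, resource)
    assoc = evaluate_policy(association_policy, action, resource)
    if "deny" in (role, assoc):
        return "deny"
    if role == "allow" and assoc == "allow":
        return "allow"
    return "implicit_deny"  # including Allow-only-in-association: no expansion


def association_request(cluster, namespace, service_account, role_arn, policy):
    """Request body with the policy carried as an escaped JSON string.
    Field names are assumed from the CreatePodIdentityAssociation API."""
    return {
        "clusterName": cluster,
        "namespace": namespace,
        "serviceAccount": service_account,
        "roleArn": role_arn,
        "policy": json.dumps(policy, separators=(",", ":")),
        "disableSessionTags": True,  # must be true when a policy is supplied
    }


if __name__ == "__main__":
    cases = [
        ("s3:GetObject", "arn:aws:s3:::shared-bucket/app-a/file.txt"),  # allow
        ("s3:GetObject", "arn:aws:s3:::shared-bucket/app-b/file.txt"),  # implicit_deny
        ("s3:PutObject", "arn:aws:s3:::shared-bucket/app-a/file.txt"),  # deny
        ("dynamodb:GetItem", "arn:aws:dynamodb:us-east-1:111122223333:table/t"),  # implicit_deny
        ("sqs:SendMessage", "arn:aws:sqs:us-east-1:111122223333:q"),  # implicit_deny
    ]
    for action, resource in cases:
        print(f"{action:18} {resource:55} -> "
              f"{effective_decision(ROLE_POLICY, ASSOCIATION_POLICY, action, resource)}")
    body = association_request("demo-cluster", "app-a", "app-a-sa",
                               "arn:aws:iam::111122223333:role/SharedAppRole",
                               ASSOCIATION_POLICY)
    print(json.dumps(body, indent=2))  # note the escaped quotes inside "policy"
```

Running the script prints one decision per case and then the request body; the `policy` field appears with its inner quotes backslash-escaped, which is what "as an escaped string" refers to. The two cases worth pausing on are `dynamodb:GetItem` (allowed only by the association policy, so still denied) and `s3:PutObject` (allowed by the role, denied by the association policy, so denied): the association policy can subtract from the shared role but never add to it.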