From 1ba821d73de29c4d58820dbe57ec5d2e66508bc3 Mon Sep 17 00:00:00 2001
From: Amar Datar <57144500+amardatar@users.noreply.github.com>
Date: Thu, 27 Feb 2025 15:41:35 +0000
Subject: [PATCH] Fixes usage with EKS Pod Identity

---
 .../docker-entrypoint.d/00-check-for-required-env.sh   | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/common/docker-entrypoint.d/00-check-for-required-env.sh b/common/docker-entrypoint.d/00-check-for-required-env.sh
index 1001bd4b..09a5d289 100755
--- a/common/docker-entrypoint.d/00-check-for-required-env.sh
+++ b/common/docker-entrypoint.d/00-check-for-required-env.sh
@@ -57,6 +57,16 @@ elif [[ -v AWS_WEB_IDENTITY_TOKEN_FILE ]]; then
     AWS_ROLE_SESSION_NAME="nginx-s3-gateway"
   fi
 
+# d) Using EKS pod identity. This is indicated by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE being set.
+#    See https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html.
+#    Example: We are running inside an EKS cluster with a pod identity configured.
+elif [[ -v AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE ]]; then
+  echo "Running inside EKS with EKS pod identity"
+  if [[ ! -v AWS_ROLE_SESSION_NAME ]]; then
+    # The default value is set as a nginx-s3-gateway unless the value is defined.
+    AWS_ROLE_SESSION_NAME="nginx-s3-gateway"
+  fi
+
 elif [[ -v S3_ACCESS_KEY_ID ]]; then
   echo "Deprecated the S3_ACCESS_KEY_ID! Use the environment variable of AWS_ACCESS_KEY_ID instead"
   failed=1