IAM Roles for Service Accounts support in Dremio

abhilash.kulkarni · November 25, 2025, 5:04pm

I’m trying to find out whether Dremio supports AWS IRSA (IAM Roles for Service Accounts) when accessing S3. Our goal is to use IRSA so we can enforce scoped, per-tenant access within a single S3 bucket—essentially restricting each tenant to only their own prefix/path.

Does Dremio currently support IRSA, and if so, what’s the recommended way to configure it? Any guidance or examples would be greatly appreciated.

Thanks!

Matthew_Baker · December 11, 2025, 5:49pm

In version 26.1, which recently shipped, we added support for EKS pod identities. Thus, the K8s service accounts used by the coordinator, executor, etc. of a given Dremio deployment can have their access scoped by the associated IAM role. Users’ access to data in Dremio is governed by Dremio’s RBAC (EE).

Topic		Replies	Views
Dremio EKS: use service account with AIM identity usage for s3 data source Dremio University	5	1533	March 14, 2023
Kubernetes deployment and connecting to an S3 data lake	7	1912	August 4, 2021
AWS S3 access using EC2 role instead of Access Keys	15	2900	July 2, 2021
Distributed Storage Authentication in EKS Dremio University	1	719	April 9, 2023
Dremio add S3 data source from different aws account	3	1814	February 25, 2019

IAM Roles for Service Accounts support in Dremio

Related topics