Include IRSA authentication note for Athena and Redshift (#798)

janet-can · web-flow · commit e0c10eb3e0ba · 2024-06-05T12:52:36.000-07:00
diff --git a/_includes/access-keys-role-arn.md b/_includes/access-keys-role-arn.md
@@ -1,2 +1,5 @@
-<sup>1</sup> `access_key_id` and `secret_access_key` are required parameters to authenticate with Amazon Athena. You may add the optional `role_arn` parameter which first authenticates with the access keys, then uses the role to access temporary tokens that allow for authentication. Depending on your Athena setup, you may be able to use only the `role_arn` to authenticate, though Athena still must access the keys from a config file or environment variables. <br />
-See <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html" target="_blank">AWS Boto3 documentation</a> for details on the progressive steps it takes to access the credentials it needs to authenticate.
+<sup>1</sup> `access_key_id` and `secret_access_key` are required parameters to obtain an authentication token from Amazon Athena or Redshift. You can provide these key values in the configuration file or as environment variables.
+
+You may add the optional `role_arn` parameter which first authenticates with the access keys, then uses the role to access temporary tokens that allow for authentication. Depending on your Athena or Redshift setup, you may be able to use only the `role_arn` to authenticate, though Athena still must access the keys from a config file or environment variables. See <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html" target="_blank">AWS Boto3 documentation</a> for details on the progressive steps it takes to access the credentials it needs to authenticate.
+
+Some users who access their Athena or Redshift data source via a self-hosted Soda Agent deployed in a Kubernetes cluster have reported that they can use IAM roles for Service Accounts to authenticatate, as long as the IAM role that the Kubernetes pod has from the Kubernetes Service Account has the permissions to access Athena or Redshift. See <a href="https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html" target="_blank">Enable IAM Roles for Service Accounts (IRSA) on the EKS cluster</a>.
diff --git a/soda/new-documentation.md b/soda/new-documentation.md
@@ -11,6 +11,7 @@ parent: Learning resources
 
 #### June 5, 2024
 * Added [release notes]({% link release-notes/all.md %}) documentation for Soda Library 1.5.5.
+* Added details about IRSA authentication for Athena and Redshift data sources.
 
 #### May 30, 2024
 * Added [release notes]({% link release-notes/all.md %}) documentation for the Soda AI features generally available or available for preview access upon request.
