No IAM permissions required to mount access points

Document the additional IAM permissions needed (none) to mount access points.
kubernetes-sigs · Apr 28, 2020 · f935df9 · f935df9
1 parent 74272a9
commit f935df9
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/examples/kubernetes/access_points/README.md b/examples/kubernetes/access_points/README.md
@@ -2,6 +2,9 @@
 Like [volume path mounts](../volume_path), mounting [EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html) allows you to expose separate data stores with independent ownership and permissions from a single EFS volume.
 In this case, the separation is managed on the EFS side rather than the kubernetes side.
 
+Under the hood, this is merely passing the `tls` and `accesspoint=XXX` options through to `mount`'s `-o` flag.
+No additional IAM permissions are required.
+
 **Note**: Because access point mounts require TLS, this is not supported in driver versions at or before `0.3`.
 
 ### Create Access Points (in EFS)