Share EKS Cluster
This guide will walk you through granting other users access to your EKS cluster.
- An existing EKS cluster.
- The account ID of your AWS account.
- The name of the IAM user or role you want to grant access to.
Edit the aws-auth ConfigMap in the kube-system namespace:

    root@rok-tools:~# kubectl edit configmap aws-auth -n kube-system

Add an entry under the data field for each IAM user or IAM role you wish to grant access to. Choose one of the following options based on whether you want to grant access to a user or an IAM role.
If the aws-auth ConfigMap does not exist in your cluster, there is an example one in your GitOps repository under rok/eks/aws-auth.yaml that you can edit and apply directly.
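The following is an added example, not taken from this guide or from the file in the GitOps repository, of an aws-auth ConfigMap with one IAM role and one IAM user mapped. The account ID 111122223333, all role and user names, and the eks-viewers group are constructed placeholders; the first mapRoles entry stands in for the node instance role mapping that an existing cluster already contains.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  # mapRoles and mapUsers are YAML lists stored as multi-line strings.
  mapRoles: |
    # Existing node instance role mapping (placeholder ARN). Keep it in place:
    # worker nodes authenticate to the API server through this entry.
    - rolearn: arn:aws:iam::111122223333:role/example-node-instance-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    # Option: grant access to an IAM role (placeholder name).
    - rolearn: arn:aws:iam::111122223333:role/example-admin-role
      username: example-admin-role
      groups:
        - system:masters   # built-in group bound to cluster-admin
  mapUsers: |
    # Option: grant access to an IAM user (placeholder name).
    - userarn: arn:aws:iam::111122223333:user/example-user
      username: example-user
      groups:
        - eks-viewers      # hypothetical group; needs its own RoleBinding or ClusterRoleBinding
```

Membership in system:masters gives full control of the cluster, so map an identity to it only when that level of access is intended; a custom group such as the hypothetical eks-viewers grants nothing until a RoleBinding or ClusterRoleBinding references it.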
- Official docs on sharing an EKS cluster.
Ensure that the user has sufficient permissions on EKS resources.
You can give the necessary permissions to the user by creating a new group with the
AmazonEKSAdminPolicy, for example, and adding the user to the group.
Ask the user to follow the Configure AWS CLI guide so that they can access AWS resources with
Ask the user to follow the Access EKS Cluster guide so that they can access Kubernetes with
If the Kubernetes API server is firewalled, ask the user to connect from a trusted source, for example, via a trusted VPN.