Setup AWS IAM user to connect to EKS cluster

Heang Yuthakarn
3 min read · Jun 13, 2022

With these 4 simple steps:

  1. Create Access Key
  2. Create AWS Profile
  3. Create Kube Context
  4. Add IAM User to EKS as admin

1. Create Access Key

Go to the IAM service in the AWS web console. Select your user, then create your access key by following the screenshot below.

You will get an Access Key ID and a Secret Access Key.

2. Create AWS Profile

Create the profile by using the command

aws configure --profile xxx

where xxx is the name of the profile you want to create (useful when you have multiple AWS profiles).

Use the Access Key ID and Secret Access Key that you got from step 1 to complete the command.

This command will create (or update, if they already exist) 2 files: ~/.aws/credentials and ~/.aws/config.

3. Create Kube Context

A kube context ties a K8S cluster to an AWS profile.

For EKS, AWS provides a command that gets the EKS cluster information and maps it to an AWS profile:

aws eks --region ap-southeast-1 update-kubeconfig --name dev --profile xxx

where

region is the AWS region where your EKS cluster resides. It’s a parameter of eks.

name is the name of your EKS cluster (you can find it in the AWS web console). It’s a parameter of update-kubeconfig.

profile is the name of the AWS profile that you just created in step 2. It’s a parameter of aws.

💡 Tip: If you don’t want to enter the profile parameter every time, you can use the command export AWS_PROFILE=xxx to temporarily switch the default profile for that terminal session.

This command will create (or update, if it already exists) the ~/.kube/config file.

4. Add IAM User to EKS (as admin)

✏️ Note1: You don’t need to add the IAM user who created the EKS cluster. That user already has admin rights to the cluster.

✏️ Note2: In case you have multiple kube contexts,
use the command kubectl config get-contexts to list all kube contexts, then
use the command kubectl config use-context to switch.

Check the current aws-auth ConfigMap by using the command

kubectl -n kube-system get configmap aws-auth -o yaml

You will see something similar to below

To add an additional IAM user to EKS as admin, use the command

kubectl -n kube-system edit configmap aws-auth

Then add the section below, right next to the mapRoles section

  mapUsers: |
    - userarn: arn:aws:iam::536845183091:user/xxx
      username: xxx
      groups:
        - system:masters

You will change it to something similar to below

After you save, the ConfigMap changes apply immediately.

✏️ Note3: If you want to add an IAM user to EKS with a specific role and permissions, you can read more at:
https://www.agilepartner.net/en/adding-users-to-your-eks-cluster/
https://marcincuber.medium.com/amazon-eks-rbac-and-iam-access-f124f1164de7
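
A quick audit for step 4, added here as an example (not code from the original post): it reads the aws-auth ConfigMap YAML and lists every IAM user that mapUsers binds to system:masters, the admin group used above, so you can confirm who holds cluster admin after an edit. The sample ConfigMap, the account ID 111122223333, and the function names sample_aws_auth and masters_users are constructed for illustration.

```sh
#!/bin/sh
# Added example: list IAM users that aws-auth maps to system:masters.

# Constructed sample of `kubectl -n kube-system get configmap aws-auth -o yaml`.
# Account ID 111122223333 and all user/role names are placeholders.
sample_aws_auth() {
cat <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/node-group
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:user/alice
      username: alice
      groups:
        - system:masters
    - userarn: arn:aws:iam::111122223333:user/bob
      username: bob
      groups:
        - dev-readonly
EOF
}

# Reads the ConfigMap YAML on stdin; prints one userarn per admin mapping.
masters_users() {
  awk '
    function emit() { if (arn != "" && admin) print arn; arn = ""; admin = 0 }
    /^ *mapUsers: *\|/ { key = match($0, /[^ ]/) - 1; inblk = 1; base = -1; next }
    !inblk || /^ *$/   { next }                       # outside mapUsers, or blank
    { ind = match($0, /[^ ]/) - 1 }                   # indent of this line
    ind <= key         { emit(); inblk = 0; next }    # block scalar ended
    base < 0           { base = ind }                 # indent of the user entries
    ind == base && /^ *- / { emit() }                 # a new user entry starts
    /userarn:/         { arn = $NF }
    /^ *- *"?system:masters"? *$/ { admin = 1 }
    END                { emit() }
  '
}

# Live use: kubectl -n kube-system get configmap aws-auth -o yaml | masters_users
```

Any ARN in the output that you do not expect to be a cluster admin is a candidate for removal or for a narrower group as described in the links above.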

Optional: Test your settings by using Lens

You can download it from https://k8slens.dev
