Set up an AWS IAM user to connect to an EKS cluster
with these 4 simple steps:
- Create Access Key
- Create AWS Profile
- Create Kube Context
- Add IAM User to EKS as admin
1. Create Access Key
Go to the IAM service in the AWS web console. Select your user, then create your access key by following the screenshot below.
You will get an Access Key ID and a Secret Access Key.
2. Create AWS Profile
Create the profile by using the command
aws configure --profile xxx
where xxx is the name of the profile you want to create (to be used in case you have multiple AWS profiles).
Use the Access Key ID and Secret Access Key that you got from step 1 to complete the command.
This command will create (or update, if they already exist) 2 files: ~/.aws/credentials and ~/.aws/config.
3. Create Kube Context
A Kube context ties a K8S cluster to an AWS profile.
For EKS, AWS provides a command that gets the EKS cluster information and maps it to an AWS profile:
aws eks --region ap-southeast-1 update-kubeconfig --name dev --profile xxx
where
region is the AWS region where your EKS cluster resides. It’s a parameter of eks.
name is the name of your EKS cluster (you can find it in the AWS web console). It’s a parameter of update-kubeconfig.
profile is the name of the AWS profile that you just created in step 2. It’s a parameter of aws.
💡 Tip: If you don’t want to enter the profile parameter every time, you can use the command
export AWS_PROFILE=xxx
to temporarily switch the default profile for that terminal session.
The update-kubeconfig command will create (or update, if it already exists) the ~/.kube/config file.
4. Add IAM User to EKS (as admin)
✏️ Note1: You don’t need to add the IAM user who created the EKS cluster. That user already has admin rights to the cluster.
✏️ Note2: In case you have multiple Kube contexts, use the command
kubectl config get-contexts
to list all Kube contexts, then use the command
kubectl config use-context
to switch.
First, view the current aws-auth ConfigMap by using the command
kubectl -n kube-system get configmap aws-auth -o yaml
You will see something similar to below
To add an additional IAM user to EKS as admin, use the command
kubectl -n kube-system edit configmap aws-auth
Then add the section below, right next to the mapRoles section
mapUsers: |
  - userarn: arn:aws:iam::536845183091:user/xxx
    username: xxx
    groups:
      - system:masters
You will change it to something similar to below
After you save, the ConfigMap change applies immediately.
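To review the result of this step, the script below lists every IAM principal that aws-auth maps to system:masters. It is an added example, not part of the original post: the function names, the 111122223333 account ID and the example-* names are constructed, and it assumes the layout that kubectl get configmap -o yaml prints.

```shell
#!/bin/sh
# Added example: list IAM principals that aws-auth maps to system:masters.
# Real use: kubectl -n kube-system get configmap aws-auth -o yaml | list_cluster_admins
list_cluster_admins() {
  awk '
    function emit() {  # print the finished entry if it grants cluster admin
      if (arn != "" && admin) print kind "\t" arn
      arn = ""; admin = 0
    }
    /^  map(Users|Roles):/ { emit(); insec = 1; next }   # start of a mapping block
    /^ ? ?[^ ]/            { emit(); insec = 0; next }   # shallower key ends the block
    !insec                 { next }                      # ignore metadata, annotations
    /^ +- (userarn|rolearn|username|groups):/ { emit() } # new list entry, any key order
    /(userarn|rolearn): / {
      kind = ($0 ~ /userarn:/) ? "user" : "role"
      arn = $NF; gsub(/"/, "", arn)
    }
    /^ +- "?system:masters"? *$/ { admin = 1 }
    END { emit() }
  '
}

# Constructed sample in the layout kubectl prints (placeholder account ID and names).
sample_aws_auth() {
  cat <<'EOF'
apiVersion: v1
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/example-node-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    - groups:
        - system:masters
      rolearn: arn:aws:iam::111122223333:role/example-ops-role
      username: example-ops
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:user/example-admin
      username: example-admin
      groups:
        - system:masters
kind: ConfigMap
metadata:
  name: aws-auth
EOF
}

sample_aws_auth | list_cluster_admins
```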
✏️ Note3: If you want to add an IAM user to EKS with a specific role and permissions, you can read more at:
https://www.agilepartner.net/en/adding-users-to-your-eks-cluster/
https://marcincuber.medium.com/amazon-eks-rbac-and-iam-access-f124f1164de7