Authorise IAM user for all EKS clusters in an AWS account

1

We need to monitor nodes and pods in all clusters. To get this information, the IAM user should be authorised using a ClusterRoleBinding. As per our understanding, the ClusterRoleBinding needs to be applied for every cluster in EKS separately to get access to a cluster for a specific IAM user. It also requires us to keep a watch on new cluster creation, as authorisation needs to be done for the new cluster as soon as it is added. This is very cumbersome. Is there any way by which an IAM user can be authorised for all EKS clusters in an AWS account in one step? Also, this user should get access to newly created clusters.

1 Answer
2
Accepted Answer

Hi,

The only way would be to automate the modification of the particular config file that modifies the aws-auth ConfigMap, adding the particular user/role. For example, if you are using CDK, you can use the class AwsAuth to add roles/users at cluster creation time. Here is an alternative with Terraform.

If all the clusters are created with the same user/role, you could also create a recurrent task that lists all the EKS clusters and checks & modifies all the clusters to be compliant with the current IAM access allow list.

Hope this helps!

AWS
answered a year ago
EXPERT
reviewed a month ago
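The recurring reconciliation task the answer describes, as an added example that is not the answerer's code: it lists every EKS cluster, reads each cluster's aws-auth ConfigMap, and idempotently ensures the monitoring IAM user is mapped to a read-only group (the group name `monitoring:viewers`, the user ARN and the use of the aws CLI, kubectl and PyYAML in the adapters are assumptions). The merge and reconcile logic is pure so it can be tested without an account; the adapters at the bottom are only used when run against real clusters. Mapping the user to a dedicated group that a ClusterRoleBinding ties to a get/list/watch ClusterRole keeps the blast radius small, unlike mapping it to system:masters.

```python
"""Idempotently map one IAM principal into every EKS cluster's aws-auth ConfigMap.

Added example, not the answerer's code. Assumptions: the aws CLI, kubectl and
PyYAML are installed for the real-account adapters; the group below exists in
every cluster via a ClusterRoleBinding to a read-only ClusterRole.
"""
from __future__ import annotations

import copy
import json
import subprocess
from typing import Callable

# Hypothetical group name; each cluster needs a ClusterRoleBinding that binds it
# to a ClusterRole allowing only get/list/watch on nodes and pods.
MONITOR_GROUP = "monitoring:viewers"


def merge_map_users(map_users: list[dict], user_arn: str, username: str,
                    groups: list[str]) -> tuple[list[dict], bool]:
    """Return (updated mapUsers, changed).

    Entries are keyed by userarn, so repeated runs add no duplicates. Groups the
    entry already has are kept; only missing ones are appended.
    """
    updated = copy.deepcopy(map_users)
    for entry in updated:
        if entry.get("userarn") == user_arn:
            have = list(entry.get("groups") or [])
            missing = [g for g in groups if g not in have]
            if not missing:
                return updated, False
            entry["groups"] = have + missing
            return updated, True
    updated.append({"userarn": user_arn, "username": username, "groups": list(groups)})
    return updated, True


def reconcile_clusters(list_clusters: Callable[[], list[str]],
                       read_map_users: Callable[[str], list[dict]],
                       write_map_users: Callable[[str, list[dict]], None],
                       user_arn: str, username: str,
                       groups: list[str]) -> dict[str, str]:
    """Visit every cluster and converge its mapUsers on the desired entry.

    Returns {cluster: "updated" | "compliant"}, which is what a scheduled run
    should log so that drift (a cluster that keeps needing updates) is visible.
    """
    report: dict[str, str] = {}
    for name in list_clusters():
        current = read_map_users(name)
        desired, changed = merge_map_users(current, user_arn, username, groups)
        if changed:
            write_map_users(name, desired)
        report[name] = "updated" if changed else "compliant"
    return report


# --- adapters for a real account (assumed tooling; not exercised by the test) --

def aws_list_clusters() -> list[str]:
    """All EKS clusters visible to the current AWS CLI credentials and region."""
    out = subprocess.run(["aws", "eks", "list-clusters", "--output", "json"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)["clusters"]


def kubectl_read_map_users(cluster: str) -> list[dict]:
    """Point kubectl at the cluster and parse data.mapUsers from aws-auth."""
    import yaml  # PyYAML, assumed installed

    subprocess.run(["aws", "eks", "update-kubeconfig", "--name", cluster],
                   check=True, capture_output=True)
    raw = subprocess.run(["kubectl", "-n", "kube-system", "get", "configmap",
                          "aws-auth", "-o", "json"],
                         check=True, capture_output=True, text=True).stdout
    data = json.loads(raw).get("data") or {}
    return yaml.safe_load(data.get("mapUsers") or "[]") or []


def kubectl_write_map_users(cluster: str, map_users: list[dict]) -> None:
    """Merge-patch only the mapUsers key, leaving mapRoles untouched."""
    import yaml  # PyYAML, assumed installed

    patch = json.dumps({"data": {"mapUsers": yaml.safe_dump(map_users)}})
    subprocess.run(["kubectl", "-n", "kube-system", "patch", "configmap",
                    "aws-auth", "--type", "merge", "-p", patch], check=True)


if __name__ == "__main__":
    # Constructed placeholder ARN; replace with the real monitoring user.
    summary = reconcile_clusters(aws_list_clusters, kubectl_read_map_users,
                                 kubectl_write_map_users,
                                 "arn:aws:iam::111122223333:user/monitor",
                                 "monitor", [MONITOR_GROUP])
    print(json.dumps(summary, indent=2))
```

Run it from a scheduled job (EventBridge plus Lambda or a CI cron) under the same principal that created the clusters, since only a mapped principal can edit aws-auth; a cluster created afterwards is picked up on the next run, which is the "watch for new clusters" part of the question. Because the write is a merge patch on `data.mapUsers` alone, the task never clobbers `mapRoles`, where the node role mapping lives.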
