I lost admin access to eks cluster

Question

We previously had pod scheduling issue with this cluster ,and we gave on solving the issue , so we removed nodes and kept the control plane for troubleshooting.

Trying to add worker nodes , I followed AWS documents but I made a mistake applying the following configmap :

```
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: 'arn:aws:iam::account-number:role/testyy-NodeInstanceRole-1FQVVVZPS0TDP'
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
```

That caused me to lose the cluster access , as it seem to have replaced the existing one , not sure why that happened , eks 1.21 so it might be the API version ?

We cannot delete the cluster now , is there  a way to regain access to the cluster ?
I can provide the cluster arn if anyone can help us regain access , thanks

Answer

Hello,

I see that you have mis-configured your `aws-auth` configmap and lost access to your cluster. You can regain access by editing the `aws-auth` configmap using the IAM user/role that you've used to create the EKS cluster.

The EKS cluster creator IAM user/role will always have access to your cluster even if the `aws-auth` configmap is mis-configured.

You can follow the steps provided in this [document](https://aws.amazon.com/premiumsupport/knowledge-center/eks-api-server-unauthorized-error/) to access your EKS cluster using the EKS cluster creator IAM role/user and edit the `aws-auth` configmap as needed.

If you are still facing issues after following the mentioned steps, please feel free to open a support case and we'll be glad to help you!

I lost admin access to eks cluster

Conteúdo relevante