By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Does eks:AccessKubernetesApi allows to update any resources or it allows only readonly access?

0

Hello,

Please advise does "eks:AccessKubernetesApi" allows only to view the workloads or it allows to update any kubernetes resources.

If you could point me to security implications of adding "eks:AccessKubernetesApi" to a role in production, that would be really helpful.

Thanks

Topics
Security, Identity, & ComplianceContainersAWS Well-Architected Framework
Tags
Security, Identity, & ComplianceAmazon Elastic Kubernetes ServiceSecurity
Language
English
AWS-User-7661235
asked 2 years ago3404 views
1 Answer
0

The IAM policy action eks:AccessKubernetesApi is used to allow users to view Kubernetes resources on the AWS Console. Without this the user cannot see the Overview and Workloads tabs content. You can see in the IAM action type definitions that this action is classified as read-only. You can view full list of actions and their access levels here.

On top of this you also need to create IAM role mapping inside the EKS cluster to give the AWS Console access to make requests on users behalf. More details available at here.

profile pictureAWS
EXPERT
Toni_S
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content