By using AWS re:Post, you agree to the Terms of Use

How to use EKS with AWS SSO

0

Hi,

We would like to give users permissions to use EKS using their AWS SSO usernames. I'm aware of the aws-iam-authenticator and eksctl, but not quite sure how to make them all work together with SSO rather than an IAM username.

Thanks

asked a year ago410 views
2 Answers
0

Hi,

Amazon EKS uses IAM to provide authentication to your Kubernetes cluster (through the aws eks get-token command, available in version 1.16.156 or later of the AWS CLI, or the AWS IAM Authenticator for Kubernetes), but it still relies on native Kubernetes Role Based Access Control (RBAC) for authorization. This means that IAM is only used for authentication of valid IAM entities. All permissions for interacting with your Amazon EKS cluster’s Kubernetes API is managed through the native Kubernetes RBAC system.

https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

Refer integration guide- https://aws.amazon.com/blogs/opensource/integrating-ldap-ad-users-kubernetes-rbac-aws-iam-authenticator-project/

Please mark Helpful or Correct Answer next to each message. Appreciate it.

profile picture
answered a year ago
0

IMHO this topic deserves a specific documentation page. AWS SSO uses some weirdly formatted role arns, and I've never been able to set this stuff up so that SSO users can access EKS using kubectl.

Pretty crazy that such an essential thing as kubectl access using SSO roles isn't properly documented

Edited by: trondhindenes-nomono-e2 on Sep 2, 2021 7:45 AM

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions