Hi,
Amazon EKS uses IAM to provide authentication to your Kubernetes cluster (through the aws eks get-token command, available in version 1.16.156 or later of the AWS CLI, or the AWS IAM Authenticator for Kubernetes), but it still relies on native Kubernetes Role Based Access Control (RBAC) for authorization. This means that IAM is only used for authentication of valid IAM entities. All permissions for interacting with your Amazon EKS cluster’s Kubernetes API is managed through the native Kubernetes RBAC system.
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
Refer integration guide- https://aws.amazon.com/blogs/opensource/integrating-ldap-ad-users-kubernetes-rbac-aws-iam-authenticator-project/
Please mark Helpful or Correct Answer next to each message. Appreciate it.
IMHO this topic deserves a specific documentation page. AWS SSO uses some weirdly formatted role arns, and I've never been able to set this stuff up so that SSO users can access EKS using kubectl.
Pretty crazy that such an essential thing as kubectl access using SSO roles isn't properly documented
Edited by: trondhindenes-nomono-e2 on Sep 2, 2021 7:45 AM
Relevant questions
AWS Service Catalog. Grant SSO Users to the Portfolio
asked 5 months agoCan I keep existing IAM users and add SSO to our accounts
asked 2 years agoHow to use EKS with AWS SSO
asked a year agoManage identities in AWS SSO - how to create Users via CLI or API ?
asked 10 months agoAWS SSO Access for Linux?
asked 7 months agoIs it possible to give AWS SSO users Lake Formation data access?
asked 9 months agoAWS SSO - what OU/account to use?
asked 4 months agohow to change the logo/icon aws sso saml application
asked a month agoHow to use IAM users, groups and roles with SSO
asked 4 months agoAWS SSO with Amazon Managed Grafana not working (redirection to NULL)
asked 9 months ago
