Hello,
When you enable admin cluster access for a specific role, you should use 'userRoleArn' rather than 'users', for example:

```typescript
import { PlatformTeam } from '@aws-quickstart/eks-blueprints';

const adminTeam = new PlatformTeam({
    name: "second-adminteam", // make sure this is unique within organization
    userRoleArn: `${YOUR_ROLE_ARN}`, // ARN of the IAM role that gets cluster admin access
});
```
or for users:
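```typescript
import { App } from 'aws-cdk-lib';
import { ArnPrincipal } from 'aws-cdk-lib/aws-iam';
import { PlatformTeam } from '@aws-quickstart/eks-blueprints';

export class TeamAwesome extends PlatformTeam {
    constructor(app: App) {
        super({
            name: "team-awesome",
            // IAM users that belong to this team
            users: [
                new ArnPrincipal(`arn:aws:iam::${YOUR_IAM_ACCOUNT}:user/user1`),
                new ArnPrincipal(`arn:aws:iam::${YOUR_IAM_ACCOUNT}:user/user2`)
            ]
        });
    }
}
```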
The approach you're using with EKS Blueprints is close, but there are a few adjustments needed to properly set up master access to your EKS cluster.
In EKS Blueprints, you don't directly use `addMasterRole` as you would with `eks.AwsAuth`. Instead, you define teams, including a platform team that has administrative access to the cluster.
The error you're encountering suggests that there might be an issue with the IAM role ARN you're using. Here's how you can modify your code to correctly set up the platform team:
- First, ensure that the IAM role ARN you're using is correct and has the necessary permissions.
- Then, modify your code to create the platform team like this:

```typescript
const platformTeam = new blueprints.PlatformTeam({
    name: "platform-team",
    userRoleArn: "arn:aws:iam::********:role/AWSReservedSSO_AdministratorAccess_********"
});
```

- After defining the platform team, you need to add it to your EKS Blueprint when building the cluster:

```typescript
blueprints.EksBlueprint.builder()
    .teams(platformTeam) // register the platform team with the blueprint
    // ... other configuration ...
    .build(scope, 'my-eks-blueprint');
```
This approach will create the necessary IAM roles and Kubernetes RBAC configurations to grant the specified IAM role administrative access to your EKS cluster.
Remember to replace the placeholder ARN with your actual IAM role ARN. Also, make sure that the IAM role you're using has the necessary permissions to assume the roles created by EKS Blueprints.
If you're still encountering issues, double-check that the IAM role exists and that you have the correct permissions to reference it in your AWS account.
Sources
Simplify integration of your Amazon EKS cluster with Amazon EKS Blueprints for CDK | Integration & Automation
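
Added example, not part of either answer: a pre-check for the value passed as `userRoleArn`. It assumes the role mapping ends up in the cluster's aws-auth ConfigMap, which does not accept role ARNs that contain a path, and it converts the two forms commonly copied by mistake (the IAM role ARN with its `/aws-reserved/sso.amazonaws.com/` path, and the STS assumed-role ARN printed by `aws sts get-caller-identity`). The function name `toAwsAuthRoleArn` and the sample ARNs in the comments are constructed for illustration.

```typescript
// Added example (not from the thread). Normalizes an ARN to the path-less
// IAM role form and rejects anything that does not identify a role.
const ARN_RE = /^arn:(aws|aws-cn|aws-us-gov):(iam|sts)::(\d{12}):(.+)$/;

function toAwsAuthRoleArn(arn: string): string {
  const m = ARN_RE.exec(arn.trim());
  if (m === null) {
    // Also catches masked or templated values such as "arn:aws:iam::********:role/..."
    throw new Error(`not an IAM/STS ARN with a 12-digit account id: ${arn}`);
  }
  const [, partition = "", service = "", account = "", resource = ""] = m;
  const parts = resource.split("/");

  let roleName: string | undefined;
  if (service === "iam" && parts[0] === "role" && parts.length >= 2) {
    // role/<optional/path/>RoleName: keep only the final segment
    roleName = parts[parts.length - 1];
  } else if (service === "sts" && parts[0] === "assumed-role" && parts.length === 3) {
    // assumed-role/RoleName/SessionName: drop the session name
    roleName = parts[1];
  }

  // IAM role names: 1-64 characters from [A-Za-z0-9_+=,.@-]
  if (!roleName || !/^[\w+=,.@-]{1,64}$/.test(roleName)) {
    throw new Error(`userRoleArn must identify an IAM role, got: ${arn}`);
  }
  return `arn:${partition}:iam::${account}:role/${roleName}`;
}

// Constructed inputs (account id and role suffix are made up):
//   arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_AdministratorAccess_0123456789abcdef
//   arn:aws:sts::111122223333:assumed-role/AWSReservedSSO_AdministratorAccess_0123456789abcdef/alice@example.com
// Both normalize to:
//   arn:aws:iam::111122223333:role/AWSReservedSSO_AdministratorAccess_0123456789abcdef
```

An IAM user ARN is rejected here because `userRoleArn` expects a role; users go in the `users` list, as in the first answer.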