By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Authorise IAM user for all EKS clusters in an AWS account

1

We need to monitor nodes and pods in all clusters. To get this information, IAM user should be authorised using ClusterRoleBinding. As per our understanding, ClusterRoleBinding needs to be applied for every cluster in EKS separately to get access to a cluster for a specific IAM user. It also requires us to keep a watch on new cluster creation as authorisation needs to be done for new cluster as soon as it's added. This is very cumbersome. Is there any way by which an IAM user can be authorised for all EKS clusters in an AWS account in one step? Also, this user should get access to newly created clusters.

Topics
Security, Identity, & ComplianceContainersAWS Well-Architected FrameworkManagement & Governance
Tags
AWS Identity and Access ManagementAmazon Elastic Kubernetes ServiceSecurityAWS Account Management
Language
English
rePost-User-1968636
asked a year ago318 views
1 Answer
2
Accepted Answer

Hi,

The only way would be to automate the modification of the particular config file that modifies the aws-auth ConfigMap adding the particular user/role. For example if you are using CDK you can use the class AwsAuth to add roles/users at the cluster creation time. Here is an alternative with terraform.

If all the clusters are created with the same user/role, you could also create a recurrent tasks that lists all the EKS clusters and checks & modifies all the cluster to be compliant with the current IAM access allow.

Hope this helps!

AWS
Pablo Guzman
answered a year ago
profile picture
EXPERT
Oleksii Bebych
reviewed 18 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content