Last active
October 13, 2023 04:06
Snippet of Amazon EKS aws-auth configmap that grants cluster admin permissions to a specific AWS SSO role/permission set
# Example command
eksctl create iamidentitymapping \
  --cluster YOUR_CLUSTER_NAME \
  --arn arn:aws:iam::999999999999:role/AWSReservedSSO_YOUR-ROLE_NAME_xxxxxxxxxxxc \
  --username cluster-admin \
  --group system:masters
apiVersion: v1
data:
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      rolearn: arn:aws:iam::999999999999:role/eksctl-your_cluster_name-NodeInstanceRole-19W4NV2RA7VY5
      username: system:node:{{EC2PrivateDNSName}}
    - groups:
      - system:masters
      rolearn: arn:aws:iam::999999999999:role/AWSReservedSSO_YOUR-ROLE_NAME_xxxxxxxxxxx
      username: cluster-admin
  mapUsers: |
    []
kind: ConfigMap
metadata:
  creationTimestamp: "2022-02-03T23:15:18Z"
  name: aws-auth
  namespace: kube-system
  resourceVersion: "91706682"
  uid: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
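
Added example (not part of the original gist): two shell helpers for working with a mapping like the one above. The first reduces an SSO role ARN that still carries its IAM path to the path-free form used in the rolearn field; the second lists every role that mapRoles binds to system:masters so the admin mappings can be reviewed. The function names and all ARNs in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist. All ARNs below are constructed placeholders.

# aws-auth matches on arn:aws:iam::<account>:role/<name>; a role ARN that still
# carries an IAM path (as SSO-provisioned roles do) needs the path removed first.
strip_role_path() {
  case "$1" in
    arn:aws*:iam::*:role/*) ;;
    *) echo "not an IAM role ARN: $1" >&2; return 1 ;;
  esac
  # Text before ":role/" is partition and account; text after the last "/" is the role name.
  printf '%s:role/%s\n' "${1%%:role/*}" "${1##*/}"
}

# Read mapRoles text on stdin and print each rolearn bound to system:masters,
# whatever order the keys of an entry appear in.
masters_rolearns() {
  awk '
    function emit() { if (admin && arn != "") print arn; admin = 0; arn = "" }
    /^[ \t]*- (groups|rolearn|username):/ { emit(); sub(/- /, "  ") }
    /^[ \t]*- system:masters[ \t]*$/      { admin = 1 }
    /^[ \t]*rolearn:/                     { arn = $2; gsub(/"/, "", arn) }
    END { emit() }
  '
}

# Constructed sample: a node role plus one SSO role mapped to cluster admin.
SAMPLE_MAPROLES='- groups:
  - system:bootstrappers
  - system:nodes
  rolearn: arn:aws:iam::999999999999:role/node-role-EXAMPLE
  username: system:node:{{EC2PrivateDNSName}}
- rolearn: arn:aws:iam::999999999999:role/AWSReservedSSO_EXAMPLE_0123456789abcdef
  username: cluster-admin
  groups:
  - system:masters'

strip_role_path "arn:aws:iam::999999999999:role/aws-reserved/sso.amazonaws.com/us-east-1/AWSReservedSSO_EXAMPLE_0123456789abcdef"
printf '%s\n' "$SAMPLE_MAPROLES" | masters_rolearns
```

Against a live cluster, the same review can be fed from kubectl -n kube-system get configmap aws-auth -o jsonpath='{.data.mapRoles}' piped into masters_rolearns.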