AWS::EKS::AccessEntry AccessPolicy - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::EKS::AccessEntry AccessPolicy

An access policy includes permissions that allow Amazon EKS to authorize an IAM principal to work with Kubernetes objects on your cluster. The policies are managed by Amazon EKS, but they're not IAM policies. You can't view the permissions in the policies using the API. The permissions for many of the policies are similar to the Kubernetes cluster-admin, admin, edit, and view cluster roles. For more information about these cluster roles, see User-facing roles in the Kubernetes documentation. To view the contents of the policies, see Access policy permissions in the Amazon EKS User Guide.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "AccessScope" : AccessScope, "PolicyArn" : String }



The scope of an AccessPolicy that's associated to an AccessEntry.

Required: Yes

Type: AccessScope

Update requires: No interruption


The ARN of the access policy.

Required: Yes

Type: String

Update requires: No interruption