Manage access
Learn how to manage access to your Amazon EKS cluster. Using Amazon EKS requires knowledge of how both Kubernetes and Amazon Identity and Access Management (Amazon IAM) handle access control.
This section includes:
Grant access to Kubernetes APIs — Learn how to enable applications or users to authenticate to the Kubernetes API. You can use access entries, the aws-auth ConfigMap, or an external OIDC provider.
Creating or updating a kubeconfig file for an Amazon EKS cluster — Learn how to configure kubectl to communicate with your Amazon EKS cluster. Use the Amazon CLI to create a kubeconfig file.
Grant Kubernetes workloads access to Amazon using Kubernetes Service Accounts — Learn how to associate a Kubernetes service account with Amazon IAM Roles. You can use Pod Identity or IAM Roles for Service Accounts (IRSA).
Common Tasks:
- Grant developers access to the Kubernetes API. View Kubernetes resources in the Amazon Web Services Management Console.
  - Solution: Use Access Entries to associate Kubernetes RBAC permissions with Amazon IAM Users or Roles.
- Configure kubectl to talk to an Amazon EKS cluster using Amazon Credentials.
  - Solution: Use the Amazon CLI to create a kubeconfig file.
- Use an external identity provider, such as Ping Identity, to authenticate users to the Kubernetes API.
  - Solution: Link an external OIDC provider.
- Grant workloads on your Kubernetes cluster the ability to call Amazon APIs.
  - Solution: Use Pod Identity to associate an Amazon IAM Role to a Kubernetes Service Account.
Background:
- Review the Kubernetes Role Based Access Control (RBAC) Model
- For more information about managing access to Amazon resources, see the Amazon IAM User Guide. Alternatively, take a free introductory training on using Amazon IAM.