Difference between revisions of "Terraform EKS module: aws auth roles"
Jump to navigation
Jump to search
| (19 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | List of role maps to add to the <code>[[aws-auth]]</code> configmap | |
| + | |||
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles | https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles | ||
| + | == Official examples == | ||
| + | |||
| + | aws_auth_roles = [ | ||
| + | { | ||
| + | rolearn = "arn:aws:iam::66666666666:role/role1" | ||
| + | username = "role1" | ||
| + | groups = ["[[system:masters]]"] | ||
| + | }, | ||
| + | ] | ||
| + | |||
| + | {{aws_auth_users_example}} | ||
| + | |||
| + | == EKS karpenter official example == | ||
| − | [[ | + | [[manage_aws_auth_configmap]] = true |
| + | [[aws_auth_roles]] = [ | ||
| + | # We need to add in the Karpenter node IAM role for nodes launched by Karpenter | ||
| + | { | ||
| + | rolearn = module.karpenter.role_arn | ||
| + | username = "system:node:{{EC2PrivateDNSName}}" | ||
| + | groups = [ | ||
| + | "[[system:bootstrappers]]", | ||
| + | "[[system:nodes]]", | ||
| + | ] | ||
| + | }, | ||
| + | |||
| + | == Related == | ||
| + | * <code>[[aws_auth_users]], [[aws_auth_accounts]]</code> | ||
| + | * [[Amazon EKS authorization]] | ||
| + | * <code>[[system:nodes]], [[system:bootstrappers]]</code> | ||
| + | * [[Terraform resource: aws_iam_role]] | ||
== See also == | == See also == | ||
| + | * {{system:}} | ||
* {{Terraform EKS module}} | * {{Terraform EKS module}} | ||
| + | * {{tf eks}} | ||
| + | |||
| + | [[Category:EKS]] | ||
Latest revision as of 11:09, 20 December 2023
List of role maps to add to the aws-auth configmap
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles
Official examples[edit]
aws_auth_roles = [
{
rolearn = "arn:aws:iam::66666666666:role/role1"
username = "role1"
groups = ["system:masters"]
},
]
aws_auth_users = [ { userarn = "arn:aws:iam::66666666666:user/user1" username = "user1" groups = ["system:masters"] }, { userarn = "arn:aws:iam::66666666666:user/user2" username = "user2" groups = ["system:masters"] }, ]
EKS karpenter official example[edit]
manage_aws_auth_configmap = true aws_auth_roles = [ # We need to add in the Karpenter node IAM role for nodes launched by Karpenter { rolearn = module.karpenter.role_arn username = "system:node:Template:EC2PrivateDNSName" groups = [ "system:bootstrappers", "system:nodes", ] },
Related[edit]
aws_auth_users, aws_auth_accounts- Amazon EKS authorization
system:nodes, system:bootstrappers- Terraform resource: aws_iam_role
See also[edit]
system:, system:masters, system:controller:, system:anonymous, system:serviceaccount:, system:serviceaccounts:, system:bootstrappers, system:node, system:nodes,kubectl get clusterroles- Terraform EKS module:
manage_aws_auth_configmap, create_aws_auth_configmap, aws_auth_roles, aws_auth_users, aws_auth_accounts, module.eks, Amazon EKS Blueprints for Terraform, OIDC - Terraform EKS: EKS module, EKS resources, EKS provider, EKS data sources
Advertising:
