Difference between revisions of "Terraform EKS module: aws auth roles"
(9 intermediate revisions by 3 users not shown) | |||
Line 3: | Line 3: | ||
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles | https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles | ||
− | + | == Official examples == | |
aws_auth_roles = [ | aws_auth_roles = [ | ||
Line 13: | Line 13: | ||
] | ] | ||
− | + | {{aws_auth_users_example}} | |
− | + | ||
− | + | == EKS karpenter official example == | |
− | + | ||
− | + | [[manage_aws_auth_configmap]] = true | |
− | + | [[aws_auth_roles]] = [ | |
+ | # We need to add in the Karpenter node IAM role for nodes launched by Karpenter | ||
{ | { | ||
− | + | rolearn = module.karpenter.role_arn | |
− | username = " | + | username = "system:node:{{EC2PrivateDNSName}}" |
− | groups | + | groups = [ |
+ | "[[system:bootstrappers]]", | ||
+ | "[[system:nodes]]", | ||
+ | ] | ||
}, | }, | ||
− | |||
− | |||
== Related == | == Related == | ||
− | * <code>[[aws_auth_users]]</code> | + | * <code>[[aws_auth_users]], [[aws_auth_accounts]]</code> |
* [[Amazon EKS authorization]] | * [[Amazon EKS authorization]] | ||
+ | * <code>[[system:nodes]], [[system:bootstrappers]]</code> | ||
+ | * [[Terraform resource: aws_iam_role]] | ||
== See also == | == See also == | ||
+ | * {{system:}} | ||
* {{Terraform EKS module}} | * {{Terraform EKS module}} | ||
* {{tf eks}} | * {{tf eks}} | ||
[[Category:EKS]] | [[Category:EKS]] |
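Review bot: The added Karpenter username line, `username = "system:node:{{EC2PrivateDNSName}}"`, puts bare double braces in wikitext, which MediaWiki parses as a template transclusion, so the rendered page will not show the literal placeholder that readers need to copy. Wrap the value in nowiki tags, or put the whole snippet in a pre block. In the same hunk, the added `[[aws_auth_roles]] = [` list stops at `},` with no closing `]`, so the example is not valid HCL when pasted; add the closing bracket before the Related heading. Separately, the `[[system:bootstrappers]]` and `[[system:nodes]]` link markup sits inside the quoted strings, so check that the rendered text still reads as plain group names.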
Latest revision as of 11:09, 20 December 2023
List of role maps to add to the aws-auth configmap
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles
Official examples
 aws_auth_roles = [
   {
     rolearn  = "arn:aws:iam::66666666666:role/role1"
     username = "role1"
     groups   = ["system:masters"]
   },
 ]

 aws_auth_users = [
   {
     userarn  = "arn:aws:iam::66666666666:user/user1"
     username = "user1"
     groups   = ["system:masters"]
   },
   {
     userarn  = "arn:aws:iam::66666666666:user/user2"
     username = "user2"
     groups   = ["system:masters"]
   },
 ]
EKS karpenter official example
 manage_aws_auth_configmap = true

 aws_auth_roles = [
   # We need to add in the Karpenter node IAM role for nodes launched by Karpenter
   {
     rolearn  = module.karpenter.role_arn
     username = "system:node:{{EC2PrivateDNSName}}"
     groups = [
       "system:bootstrappers",
       "system:nodes",
     ]
   },
 ]
Related
- aws_auth_users, aws_auth_accounts
- Amazon EKS authorization
- system:nodes, system:bootstrappers
- Terraform resource: aws_iam_role
See also
- system:, system:masters, system:controller:, system:anonymous, system:serviceaccount:, system:serviceaccounts:, system:bootstrappers, system:node, system:nodes, kubectl get clusterroles
- Terraform EKS module: manage_aws_auth_configmap, create_aws_auth_configmap, aws_auth_roles, aws_auth_users, aws_auth_accounts, module.eks, Amazon EKS Blueprints for Terraform, OIDC
- Terraform EKS: EKS module, EKS resources, EKS provider, EKS data sources