Difference between revisions of "Terraform EKS module: aws auth roles"

From wikieduonline
Jump to navigation Jump to search
 
(9 intermediate revisions by 3 users not shown)
Line 3: Line 3:
 
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles
 
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles
  
Form official example:
+
== Official examples ==
  
 
   aws_auth_roles = [
 
   aws_auth_roles = [
Line 13: Line 13:
 
   ]
 
   ]
  
  aws_auth_users = [
+
{{aws_auth_users_example}}
    {
+
 
      userarn  = "arn:aws:iam::66666666666:user/user1"
+
== EKS karpenter official example ==
      username = "user1"
+
 
      groups   = ["system:masters"]
+
  [[manage_aws_auth_configmap]] = true
     },
+
   [[aws_auth_roles]] = [
 +
     # We need to add in the Karpenter node IAM role for nodes launched by Karpenter
 
     {
 
     {
       userarn = "arn:aws:iam::66666666666:user/user2"
+
       rolearn = module.karpenter.role_arn
       username = "user2"
+
       username = "system:node:{{EC2PrivateDNSName}}"
       groups   = ["system:masters"]
+
       groups = [
 +
        "[[system:bootstrappers]]",
 +
        "[[system:nodes]]",
 +
      ]
 
     },
 
     },
  ]
 
 
  
  
  
 
== Related ==
 
== Related ==
* <code>[[aws_auth_users]]</code>
+
* <code>[[aws_auth_users]], [[aws_auth_accounts]]</code>
 
* [[Amazon EKS authorization]]
 
* [[Amazon EKS authorization]]
 +
* <code>[[system:nodes]], [[system:bootstrappers]]</code>
 +
* [[Terraform resource: aws_iam_role]]
  
 
== See also ==
 
== See also ==
 +
* {{system:}}
 
* {{Terraform EKS module}}
 
* {{Terraform EKS module}}
 
* {{tf eks}}
 
* {{tf eks}}
  
 
[[Category:EKS]]
 
[[Category:EKS]]

Latest revision as of 11:09, 20 December 2023

List of role maps to add to the aws-auth configmap

https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles

Official examples[edit]

 aws_auth_roles = [
   {
     rolearn  = "arn:aws:iam::66666666666:role/role1"
     username = "role1"
     groups   = ["system:masters"]
   },
 ]
  aws_auth_users = [
   {
     userarn  = "arn:aws:iam::66666666666:user/user1"
     username = "user1"
     groups   = ["system:masters"]
   },
   {
     userarn  = "arn:aws:iam::66666666666:user/user2"
     username = "user2"
     groups   = ["system:masters"]
   },
 ]

EKS karpenter official example[edit]

 manage_aws_auth_configmap = true
 aws_auth_roles = [
   # We need to add in the Karpenter node IAM role for nodes launched by Karpenter
   {
     rolearn  = module.karpenter.role_arn
     username = "system:node:Template:EC2PrivateDNSName"
     groups = [
       "system:bootstrappers",
       "system:nodes",
     ]
   },


Related[edit]

See also[edit]

Advertising: