Difference between revisions of "Terraform EKS module: aws auth roles"

From wikieduonline
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles
 
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles
  
Form official example:
+
== Official examples ==
  
 
   aws_auth_roles = [
 
   aws_auth_roles = [
Line 14: Line 14:
  
 
  {{aws_auth_users_example}}
 
  {{aws_auth_users_example}}
 +
 +
== EKS karpenter official example ==
 +
 +
  [[manage_aws_auth_configmap]] = true
 +
  [[aws_auth_roles]] = [
 +
    # We need to add in the Karpenter node IAM role for nodes launched by Karpenter
 +
    {
 +
      rolearn  = module.karpenter.role_arn
 +
      username = "system:node:{{EC2PrivateDNSName}}"
 +
      groups = [
 +
        "[[system:bootstrappers]]",
 +
        "[[system:nodes]]",
 +
      ]
 +
    },
 +
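Review bot: in the added Karpenter example, the line username = "system:node:{{EC2PrivateDNSName}}" uses double braces, which MediaWiki parses as a template call, so the rendered revision shows "system:node:Template:EC2PrivateDNSName" instead of the literal placeholder. Wrap that value in nowiki tags so it renders verbatim. The list opened by [[aws_auth_roles]] = [ is also never closed in this hunk; add the closing ] after the last map so the snippet can be copied as-is.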
  
  
Line 20: Line 35:
 
* [[Amazon EKS authorization]]
 
* [[Amazon EKS authorization]]
 
* <code>[[system:nodes]], [[system:bootstrappers]]</code>
 
* <code>[[system:nodes]], [[system:bootstrappers]]</code>
 +
* [[Terraform resource: aws_iam_role]]
  
 
== See also ==
 
== See also ==
 +
* {{system:}}
 
* {{Terraform EKS module}}
 
* {{Terraform EKS module}}
 
* {{tf eks}}
 
* {{tf eks}}
  
 
[[Category:EKS]]
 
[[Category:EKS]]

Latest revision as of 11:09, 20 December 2023

List of role maps to add to the aws-auth configmap

https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles

Official examples

 aws_auth_roles = [
   {
     rolearn  = "arn:aws:iam::66666666666:role/role1"
     username = "role1"
     groups   = ["system:masters"]
   },
 ]
 aws_auth_users = [
   {
     userarn  = "arn:aws:iam::66666666666:user/user1"
     username = "user1"
     groups   = ["system:masters"]
   },
   {
     userarn  = "arn:aws:iam::66666666666:user/user2"
     username = "user2"
     groups   = ["system:masters"]
   },
 ]
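
Both mappings above use system:masters, which Kubernetes always treats as cluster-admin. The following is an added example, not taken from the module's documentation, of mapping a role to a custom group and granting that group read-only access through RBAC. The role name readonly-role, the group name eks-readonly, the cluster name and the binding name are assumptions made for illustration.

```hcl
# Added example, not from the module's documentation.
# Assumed names: IAM role "readonly-role", Kubernetes group "eks-readonly".
# Assumes a module version that provides the aws_auth_roles input.

module "eks" {
  source       = "terraform-aws-modules/eks/aws"
  cluster_name = "example" # assumed; VPC, subnet and node group inputs omitted

  manage_aws_auth_configmap = true

  aws_auth_roles = [
    {
      rolearn  = "arn:aws:iam::66666666666:role/readonly-role"
      username = "readonly-role"
      # A custom group has no permissions until RBAC binds it to a role,
      # unlike system:masters, which always has cluster-admin rights.
      groups = ["eks-readonly"]
    },
  ]
}

# Bind the custom group to the built-in read-only "view" ClusterRole.
resource "kubernetes_cluster_role_binding_v1" "eks_readonly" {
  metadata {
    name = "eks-readonly-view"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "view"
  }

  subject {
    kind      = "Group"
    name      = "eks-readonly"
    api_group = "rbac.authorization.k8s.io"
  }
}
```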

EKS karpenter official example

 manage_aws_auth_configmap = true
 aws_auth_roles = [
   # We need to add in the Karpenter node IAM role for nodes launched by Karpenter
   {
     rolearn  = module.karpenter.role_arn
     # {{EC2PrivateDNSName}} is a literal aws-auth placeholder, replaced with the node's private DNS name
     username = "system:node:{{EC2PrivateDNSName}}"
     groups = [
       "system:bootstrappers",
       "system:nodes",
     ]
   },
 ]


Related

See also
