Difference between revisions of "Terraform EKS module: aws auth roles"
Jump to navigation
Jump to search
(2 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles | https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles | ||
− | + | == Official examples == | |
aws_auth_roles = [ | aws_auth_roles = [ | ||
Line 14: | Line 14: | ||
{{aws_auth_users_example}} | {{aws_auth_users_example}} | ||
+ | |||
+ | == EKS karpenter official example == | ||
+ | |||
+ | [[manage_aws_auth_configmap]] = true | ||
+ | [[aws_auth_roles]] = [ | ||
+ | # We need to add in the Karpenter node IAM role for nodes launched by Karpenter | ||
+ | { | ||
+ | rolearn = module.karpenter.role_arn | ||
+ | username = "system:node:{{EC2PrivateDNSName}}" | ||
+ | groups = [ | ||
+ | "[[system:bootstrappers]]", | ||
+ | "[[system:nodes]]", | ||
+ | ] | ||
+ | }, | ||
+ | |||
Line 20: | Line 35: | ||
* [[Amazon EKS authorization]] | * [[Amazon EKS authorization]] | ||
* <code>[[system:nodes]], [[system:bootstrappers]]</code> | * <code>[[system:nodes]], [[system:bootstrappers]]</code> | ||
+ | * [[Terraform resource: aws_iam_role]] | ||
== See also == | == See also == | ||
+ | * {{system:}} | ||
* {{Terraform EKS module}} | * {{Terraform EKS module}} | ||
* {{tf eks}} | * {{tf eks}} | ||
[[Category:EKS]] | [[Category:EKS]] |
Latest revision as of 11:09, 20 December 2023
List of role maps to add to the aws-auth
configmap
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles
Official examples[edit]
aws_auth_roles = [ { rolearn = "arn:aws:iam::66666666666:role/role1" username = "role1" groups = ["system:masters"] }, ]
aws_auth_users = [ { userarn = "arn:aws:iam::66666666666:user/user1" username = "user1" groups = ["system:masters"] }, { userarn = "arn:aws:iam::66666666666:user/user2" username = "user2" groups = ["system:masters"] }, ]
EKS karpenter official example[edit]
manage_aws_auth_configmap = true aws_auth_roles = [ # We need to add in the Karpenter node IAM role for nodes launched by Karpenter { rolearn = module.karpenter.role_arn username = "system:node:Template:EC2PrivateDNSName" groups = [ "system:bootstrappers", "system:nodes", ] },
Related[edit]
aws_auth_users, aws_auth_accounts
- Amazon EKS authorization
system:nodes, system:bootstrappers
- Terraform resource: aws_iam_role
See also[edit]
system:, system:masters, system:controller:, system:anonymous, system:serviceaccount:, system:serviceaccounts:, system:bootstrappers, system:node, system:nodes
,kubectl get clusterroles
- Terraform EKS module:
manage_aws_auth_configmap, create_aws_auth_configmap, aws_auth_roles, aws_auth_users, aws_auth_accounts, module.eks, Amazon EKS Blueprints for Terraform, OIDC
- Terraform EKS: EKS module, EKS resources, EKS provider, EKS data sources
Advertising: